This is *just* like one that was going around back in May (change the "October 2003, Cumulative Patch" to say May and it is pretty much the same. More recently, I've seen more-shoddy attempts at the same effect, carrying the W32/[EMAIL PROTECTED] payload (I've seen these posted to a security list I'm on, in the latter part of last month, Sept. 2003).
I still don't think everyone is ready for a platform change, just because of some stupid email-spread virii (which affect uneducated users) -- although I'd love to see less windoze users in general -- however I think Cory's suggestion is right on, and EVERY ONE OF US should take the responsibility to educate our friends and community about such things. Show how to view message source; the indications that none of these messages actually came from Redmond are at the very top and it is not too tricky. Institutions of any reasonable size should indeed have MTA-level filtering systems, of course, and might need them upgraded to our more modern age; but even Mozilla Mail (and Thunderbird, etc) as MUA's have far greater capabilities than Outlook and OE, to protect the user and facilitate intelligence... In short, this is not new, although it does confirm (and renew) the need to educate users! I have an idea to share: How does euglug's readership feel about speaking out to interested groups? What do y'all think of putting up a Public Service Announcement, print or radio (or otherwise) to get some representatives from our relatively sales-neutral non-profit (no caps there, as we're not an official 501c3 of course) to speak to any interested groups?? Businesses, their management, the Eugene Chamber, ... anyone. Not as email/virus experts, but simply to review to current state of technology in that department, remind them of some proper and sane practices, to show (briefly!) how to better use their existing MUA's, and finally to offer a list of suggested actions to mitigate existing risks. Thoughts? I am envisions QUICK sessions, say 15-30 minutes to touch over the rea important stuff -- like the fact that email doesn't always come from who it looks like, and how to find out = ) regards, folks, and happy autumn. Ben On Sun, 5 Oct 2003 11:25:25 -0700 Ken Barber <[EMAIL PROTECTED]> wrote: | ... just arrived in my inbox, cleverly disguised as a "security | update" from Microsoft (see below; HTML cruft & attachments | removed for obvious reasons). | | These guys are getting really good at this. This one "looks" | official.... | | You might want to warn your clueless 'doze-using friends... and, | as I did minutes ago, offer to help them convert to Linux or | Mac.... | | Ken | | ---------- Forwarded Message ---------- | | Subject: Net Critical Update | Date: Sunday 05 October 2003 10:41 | From: "MS Internet Security Section" <[EMAIL PROTECTED]> | To: "Microsoft Corporation Customer" | <[EMAIL PROTECTED]> | | Microsoft Customer | | this is the latest version of security update, the | "October 2003, Cumulative Patch" update which fixes | all known security vulnerabilities affecting | MS Internet Explorer, MS Outlook and MS Outlook Express. | Install now... _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
