Swen also uses microsoft.com; the samples I have received do so more often than not.
For a full list, see: http://www.f-secure.com/v-descs/swen.shtml Regards, Mary Landesman Antivirus About.com Guide http://antivirus.about.com ----- Original Message ----- From: "Chris DeVoney" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 5:38 PM Subject: RE: [Full-Disclosure] FW: Last Microsoft Patch Others will address the virus represented in this trojan e-mail, but MSNBC is the domain for the Microsoft-NBC news web site. The pure illogic of sending out security outdates from a domain for news/weather/sports is pretty strong. So was using MSN.COM, their internet service, as a domain. If the masqueraders had used Microsoft.com, it may have been a more believable trojan (except that Microsoft states repeatedly they NEVER e-mail outdates). cdv -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Curt Purdy Sent: Wednesday, October 15, 2003 12:05 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] FW: Last Microsoft Patch Anybody else get this? Looks legit, originating address is from msnbc.com. But can't believe even Microsoft would be this stupid after the rash of trojan-attached "patch announcements" lately. Plus all security people have been saying that Microsoft would never email a patch out. Or are they thinking, "Send this out so all the stupid people will click on this before they click on a real trojan? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
