> Thanks for the reminder on that. So much of the focus is on the appearance of the email itself, sometimes these smaller details are easy to forget, i.e. the fact that it can also send itself as a bounce message or that it spoofs a variety of from addresses. I wonder sometimes if the focus on the patch masquerade has actually helped Swen's efforts to spread, since all the cautions are about one specific facet of it. Hence, those users who aren't expecting it to be in a bounce message might believe the bounce message to be legitimate and be more inclined to open the attachment, not having "heard" about this as being a threat.
> organic memory parity error My new favorite phrase! Now if I can only remember it... -- Mary ----- Original Message ----- From: "Chris DeVoney" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 16, 2003 2:54 PM Subject: RE: [Full-Disclosure] FW: Last Microsoft Patch On Wednesday, October 15, 2003 4:41 PM, Mary Landesman wrote: > Swen also uses microsoft.com; the samples I have received do > so more often than not. > > For a full list, see: http://www.f-secure.com/v-descs/swen.shtml Thanks for the reminder on that. The first couple of these I received had MSN.COM and MSNBC.COM and some pseudo security mail box from Microsoft.com. The first two immediately made me darn suspicious even before the synapses clicked on MS never e-mailing these things. As my using outdates vs. updates (which, mercifully no one has pointed out my obvious error), maybe there is a new outward patch delivery mechanism ... or an organic memory parity error occurred. cdv _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
