Man, that is sneaky. You're right, M$ never emails security patches out (that I know of). In addition, I just checked the bulletins/updates page at the following ridiculously long URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ current.asp and there are only two updates released so far in March. I think you should report it to M$, or some virus reporting channel (sarc.com, sophos.com, etc.)...OR...send it to CNN with a big headline like "MICROSOFT DISTRIBUTING VIRUSES!" ;) -----Original Message----- From: John Hebert [mailto:[EMAIL PROTECTED] Sent: Saturday, March 09, 2002 10:34 PM To: [EMAIL PROTECTED] Subject: [brluglist] M$ virus writers are getting clever was Fwd: Internet Security Update Dang, but virus writers are getting clever. I just received this. The tip off was that I had never received software updates via email from M$ before. I know that I had registered with M$ in the past at a previous job, but damn, that was 3 years ago. I'm pretty sure it is an attempt by a virus writer to get me to run an infected file. What do you think? --- Microsoft Corporation Security Center <[EMAIL PROTECTED]> wrote: > From pop_server."john"@mail.eatel.net Sat Mar 9 > 20:17:29 2002 > From: "Microsoft Corporation Security Center" > <[EMAIL PROTECTED]> > To: "Microsoft Customer" <'[EMAIL PROTECTED]'> > Subject: Internet Security Update > Reply-to: <[EMAIL PROTECTED]> > Date: Sat, 9 Mar 2002 21:51:00 +0000 > > > Microsoft Customer, > > this is the latest version of security update, > the > "5 Mar 2002 Cumulative Patch" update which [chunk of original message snipped] > ---------------------------------------- > Microsoft is registered trademark of Microsoft > Corporation. > Windows and Outlook are trademarks of Microsoft > Corporation. > > ATTACHMENT part 2 application/x-msdownload >name=q216309.exe >>and here is the original header: >>From pop_server."john"@mail.eatel.net Sat Mar 9 >>20:17:29 2002 >>Received: from mail.eatel.net by >>web10702.mail.yahoo.com with YMEXTPOP; Sat, 09 Mar >>2002 20:17:29 PST >>Received: from spf8.us4.outblaze.com >>(205-158-62-35.outblaze.com [205.158.62.35]) by >>ens1.eatel.net (8.12.0/8.12.0) with SMTP id >>g29Lp7OM019567 for <[EMAIL PROTECTED]>; Sat, 9 Mar 2002 >>15:51:08 -0600 (CST) >>Received: from mtiwmhc22.worldnet.att.net >>(mtiwmhc22.worldnet.att.net [204.127.131.47]) by >>spf8.us4.outblaze.com (8.11.6/8.11.6/us4-srs) with >>ESMTP id g29Lp1j19179 for <[EMAIL PROTECTED]>; Sat, 9 >>Mar 2002 21:51:02 GMT >>Received: from pfuckie ([12.90.11.176]) by >>mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 >>201-229-121-127-20010626) with SMTP id >><[EMAIL PROTECTED]>; >>Sat, 9 Mar 2002 21:50:01 +0000 >>From: "Microsoft Corporation Security Center" >><[EMAIL PROTECTED]> | Block Address | Add to >>Address Book >To: "Microsoft Customer" <'[EMAIL PROTECTED]'> >Subject: Internet Security Update >Reply-to: <[EMAIL PROTECTED]> >MIME-Version: 1.0 >Content-Type: multipart/mixed; >boundary="NextPart_000235" >Message-Id: ><[EMAIL PROTECTED]> >Date: Sat, 9 Mar 2002 21:51:00 +0000 >X-UIDL: #UF!!8h<!!kV*"!JM3"! >Content-Length: 112380 >>I'm not sure if I should report this or let it run its course. If anybody wants the attached file, email me. >>John Hebert ================================================ BRLUG - The Baton Rouge Linux User Group Visit http://www.brlug.net for more information. Send email to [EMAIL PROTECTED] to change your subscription information. ================================================
