I'm getting flooded with crap from the new worm-of-the-month. Most ever. It's only coming in on my mail-list account. Anybody else seeing similar stuff?
During the last 30 hours I've received maybe 20 messages which purport to be an update package from Microsoft, messages which look suspicious to me. I'll copy the beginning of one of these below.
Rich Hammer Hillsborough
<beginning of suspect message>
X-UIDL: 1a0lbP7eR3NZFjX0
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Status: U
Return-Path: <[EMAIL PROTECTED]>
Received: from VL-MO-MR001.ip.videotron.ca ([24.201.245.36])
by robin (EarthLink SMTP Server) with ESMTP id 1a0lbP7eR3NZFjX0
for <[EMAIL PROTECTED]>; Fri, 19 Sep 2003 06:20:49 -0700 (PDT)
Received: from aivnbhnf ([24.200.195.2]) by VL-MO-MR001.ip.videotron.ca
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with SMTP id <[EMAIL PROTECTED]> for
[EMAIL PROTECTED]; Fri, 19 Sep 2003 09:19:44 -0400 (EDT)
Date: Fri, 19 Sep 2003 09:19:39 -0400 (EDT)
Date-warning: Date header was inserted by VL-MO-MR001.ip.videotron.ca
From: MS Corporation Security Assistance <[EMAIL PROTECTED]>
Subject: Newest Internet Security Upgrade
To: Commercial Customer <[EMAIL PROTECTED]>
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_pPzd0M4dpFHIEKJxtAlLmQ)"
--Boundary_(ID_pPzd0M4dpFHIEKJxtAlLmQ) Content-type: multipart/related; type="multipart/alternative"; boundary="Boundary_(ID_OhttXH4zIExADOSDRp0QuQ)"
--Boundary_(ID_OhttXH4zIExADOSDRp0QuQ) Content-type: multipart/alternative; boundary="Boundary_(ID_D+ONldru0uQrfUz4JJykHA)"
--Boundary_(ID_D+ONldru0uQrfUz4JJykHA) Content-type: text/plain; CHARSET=US-ASCII Content-transfer-encoding: 7BIT
Microsoft Customer
this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your computer. This update includes the functionality of all previously released patches.
System requirements: Windows 95/98/Me/2000/NT/XP This update applies to: - MS Internet Explorer, version 4.01 and later - MS Outlook, version 8.00 and later - MS Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site.
http://support.microsoft.com/
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site
http://www.microsoft.com/security/
Thank you for using Microsoft products.
Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
----------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
--Boundary_(ID_D+ONldru0uQrfUz4JJykHA) Content-type: text/html; CHARSET=US-ASCII Content-transfer-encoding: 7BIT
<HTML>
<HEAD>
<style type='text/css'>.navtext{color:#ffffff;text-decoration:none}
</style>
</HEAD></beginning of suspect message>
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
