Re: Worrisome email

Subject: Re: Worrisome email
From: surfer_924 -at- earthlink -dot- net
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Wed, 16 Apr 2003 06:15:32 -0600


From:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/bogus.asp


Information on Bogus Microsoft Security Bulletin
Microsoft has learned that a malicious user is circulating an e-mail that
purports to be a Microsoft Security Bulletin, and which directs the reader
to download an executable file from a web site. Customers who receive such
an e-mail should delete it, and under no circumstances should they
download the executable. The would-be bulletin claims to be Microsoft
Security Bulletin MS01-037. However, the issue it describes is fictitious.
In addition, it provides a link to a web site whose URL looks like the
Microsoft web site, but in reality is not. The "patch" hosted on the site
is a piece of hostile code <http://www.symantec.com/avcenter/venc/data/w32.leave.b.worm.html> that could enable an attacker to remotely
control another user?s system. There are several dead giveaways that
indicate that the e-mail isn?t a bona fide security bulletin: The e-mail
isn't signed using the Microsoft Security Response Center?s PGP key.
Microsoft always signs its bulletins before mailing them, and you can
verify the signature using the key we publish at
http://www.microsoft.com/technet/security/bulletin/notify.asp </technet/security/bulletin/notify.asp>. If you are
ever in doubt about the authenticity of a bulletin mailer you?ve received,
consult the web-hosted bulletins on the Microsoft Security </technet/security/current.asp> web site ? the
versions there are the authority versions. The e-mail contains a link to
a supposed patch. Authentic bulletin mailers never provide a link to the
patch; instead, they refer the reader to the complete version of the
bulletin on our web site, which provides a link to the patch. The "patch"
the bogus bulletin links to isn't digitally signed. Microsoft always
digitally signs the patches it releases. Always be sure you check the
signature of any executable before installing it on your system.
Microsoft is taking aggressive action to protect customers from this
issue. We have contacted the Internet Service Provider where the
counterfeit patch was hosted, and they have removed it. We also are
working with the anti-virus community to ensure that current virus scanner
products will detect the hostile code and remove it. Just the same, this
is not the first time malicious users have issued counterfeit security
bulletins, and it will likely not be the last. Microsoft urges customers
to always verify any mail that claims to be a Microsoft security bulletin.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Purchase RoboHelp X3 in April and receive a $100 mail-in
rebate, plus FREE RoboScreenCapture and WebHelp Merge Module.
Order here: http://www.ehelp.com/techwr-l/


Help celebrate TECHWR-L's 10th Anniversary starting this month!
Check out the contests at http://www.raycomm.com/techwhirl/special/contests/
Happy birthday to you, happy birthday to you, happy birthday TECHWR-L....

---
You are currently subscribed to techwr-l as:
archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit
http://www.raycomm.com/techwhirl/ for more resources and info.



Previous by Author: RE: Usage Question - units in a numerical range
Next by Author: Re: certification
Previous by Thread: Re: Worrisome email
Next by Thread: ADMIN: Virii and the like


What this post helpful? Share it with friends and colleagues:


Sponsored Ads