Mail from Microsoft regarding Blaster
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: Mon, 18 Aug 2003 12:07:29 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I've had a number of people ask. Microsoft have sent out an email to their customers regarding Blaster/LovSAN and MS03-026. I don't know where they got the email addresses from, but it is "official" in the sense it was sent on the instructions of Microsoft. They used a 3rd party to do the delivery, and did not PGP sign the message (don't ask me why they didn't.) It did not include any attachments, which Microsoft have stated they will never do.
You can go here for as much information as they're making available;
Interesting to note that they say there that all you need to do to verify the message is check the From: address and ensure its "Microsoft (@newletters.microsoft.com)". Of course we can now expect to see a spate of malware and spam using this From address and, probably, providing a link to the same Microsoft verify website.
Russ - NTBugtraq Editor
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to