Re: A new one.

From: N. Miller (nsm_at_blackhole.aosake.net)
Date: 03/13/04 

Date: Fri, 12 Mar 2004 16:15:29 -0800

In article <d9253152.0403121016.1e6b219@posting.google.com>,
asclero@zdnetonebox.com says...

> Yesterday an e-mail message purportedly from Microsoft arrived, urging
> me to open its attachment for a security update. The MS website
> states that any updates arriving as attachments to e-mails are bogus.
> Should I just zap the sucker or does Microsoft have a safe
> recepticle I can forward it to where they can dissect it?

You need to have the latest definitions on a current antivirus program
before you start sending suspicious files for analysis. Only if the most
recent definitions fail to alert on a suspicious file should you submit it
for analysis. Where you submit a file for analysis depends upon which
antivirus program you are running. Don't pester Microsoft, though; they
didn't send it, and they don't (at this time) write antivirus software.

Otherwise your only recourse is to try and notify the sender's ISP. And
please note; by "sender" I mean the operator of the infected computer, not
the "From:", "Reply-To:", or "Return-Path:" email address; all of which are
normally forgeries. The "sender" is not the actual owner of the infected PC,
but the virus running on that PC. Some mid-size Eurpopean ISPs seem amenable
to acting on reports of viral infections, but most of the larger U.S. ISPs
tend to brush off such reports. I suppose that is because they have smaller
staffs than the European companies, and, probably, more infected users than
the entire customer base of one of those European ISPs. 

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint