Re: Is This A Hoax or Virus ?

From: Alaa Abdelhalim [MSFT] (alaa_at_online.microsoft.com)
Date: 07/31/03 

Date: Wed, 30 Jul 2003 19:13:43 -0700

Your conclusions are correct.
Other indicators are bad grammar, having the patch attached, and receiving
this without solicitation.

Here's more info on what authentic Microsoft emails look like (and they only
arrive if you've signed up for the bulletins)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

Thank you 

-- 
Alaa Abdelhalim [MSFT]
-----
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
"Julian Rawle" <j.rawle@comcast.net> wrote in message
news:049701c356de$471e6a90$a401280a@phx.gbl...
I have today received an e-mail and attachment
entitled "Network Security Update" from "MS Corporation
Network Customer Support". The text of the message is as
follows :
QUOTE
Microsoft Consumer
this is the latest version of security update, the
"July 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting Internet
Explorer,
Outlook and Outlook Express as well as five newly
discovered vulnerabilities. Install now to protect your
computer
from these vulnerabilities, the most serious of which
could allow
an attacker to run executable on your system. This update
includes
the functionality of all previously released patches.
System requirements Win 9x/Me/2000/NT/XP
This update applies to Microsoft Internet Explorer,
version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the
earliest opportunity.
How to install Run attached file. Click Yes on displayed
dialog box.
How to use You don't need to do anything after installing
this item.
Microsoft Product Support Services and Knowledge Base
articles
can be found on the Microsoft Technical Support web site.
For security-related information about Microsoft products,
please
visit the Microsoft Security Advisor web site, or Contact
us.
Please do not reply to this message. It was sent from an
unmonitored
e-mail address and we are unable to respond to any
replies.
Thank you for using Microsoft products.
With friendly greetings,
MS Corporation Network Customer Support
-----------------------------------------------------------
---------------------
©2003 Microsoft Corporation. All rights reserved. The
names of the actual companies
and products mentioned herein may be the trademarks of
their respective owners.
UNQUOTE
I am suspicious because MS updates and patches usually
come to me via Internet Explorer and not as an e-mail.
I checked the message headers which contain the following :
QUOTE
Date: Wed, 30 Jul 2003 15:40:31 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822
minimum requirements
X-Comment: Date has been added by Maillennium
Received: from smtp.wp.pl ([212.77.101.161])
          by sccrmxc13.comcast.net (sccrmxc13) with ESMTP
          id <20030730154030s130032scle>; Wed, 30 Jul 2003
15:40:31 +0000
Received: (WP-SMTPD 15830 invoked from network); 30 Jul
2003 15:40:30 -0000
Received: from vp43.neoplus.adsl.tpnet.pl (HELO tzjHipHn)
([80.50.135.43])
          (envelope-sender <maximobil@wp.pl>)
          by smtp.wp.pl (wp-smtpd) with SMTP
          for <jgglpg@aol.com>; 30 Jul 2003 15:40:29 -0000
FROM: "MS Corporation Network Customer Support"
<sjwvpp123299@oYvpEwU.com>
TO: "Microsoft Consumer"
SUBJECT: Network Security Update
X-Virus-Scanned: NOD32
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="SlsDHJYrXHeyNfD"
X-AntiVirus: skaner antywirusowy poczty Wirtualnej Polski
S. A.
X-WP-ChangeAV: 1
UNQUOTE
Two things caught my eye here. First "Sending client does
not conform to RFC822 minimum requirements" and second,
there are various references to Poland. I have not heard
that Microsoft has relocated its customer support to
Warsaw and so I am not going to open this e-mail or the
attachment unless someone can convince me that this is a
genuine update from Microsoft !
Thanks
Quantcast