Re: Is this really from Microsoft or is it Spoof

From: Colin Nash [MVP] (x_at_x)
Date: 07/03/04 

Date: Sat, 3 Jul 2004 15:40:50 -0400

I think the particular message he is referencing is a valid one though (you
can subscribe to announcements at www.microsoft.com/security)

"Bruce Chambers" <bchambers@nospamcableone.net> wrote in message
news:Ov1WKsRYEHA.3476@tk2msftngp13.phx.gbl...
> Greetings --
>
> What you're apparently receiving is the output of a computer
> infected by one of several widely publicized, wide-spread, mass
> emailing worms. The virus' authors have deliberately spoofed the
> Microsoft information in the hopes of garnering more victims. This
> sort of email has been very common for at the last year or more. The
> most widely-known are:
>
> W32.Swen.A_mm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
>
> W32.Dumaru_mm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html
>
> W32.Gibe_mm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html
>
> Trojan.Xombe
> http://www.symantec.com/avcenter/venc/data/trojan.xombe.html
>
> Microsoft never has, does not currently, and very probably never
> will email unsolicited security patches. At the most, if, and only
> if, you subscribe to their security notification newsletter, they will
> send you an email informing you that a new patch is available for
> downloading.
>
> Microsoft Policies on Software Distribution
> http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp
>
> Information on Bogus Microsoft Security Bulletin Emails
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp
>
> How to Tell If a Microsoft Security-Related Message Is Genuine
> http://www.microsoft.com/security/antivirus/authenticate_mail.asp
>
> Remember, any and all legitimate patches and updates are readily
> available at http://windowsupdate.microsoft.com/. You should develop
> the habit of checking this site at least once a month to keep your
> computer up-to-date. (Notice that this is the true URL, rather than
> the bogus one that may have been contained in the email you received.)
> Any messages that point to any other source(s) or claim to have the
> patch attached are bogus.
>
> You're receiving these emails because your email address is in
> the address book of someone infected with a worm, and/or because you
> posted your real email address somewhere on-line, either in a forum
> accessible to the public and spambots, such as Usenet, or on an
> untrustworthy web site that subsequently sold your address as part of
> a mailing list. One thing you can do is notify _everyone_ with whom
> you've ever corresponded via email that one or more of them may be
> infected with a mass emailing worm, and should take the appropriate
> steps. You can also ask your ISP to take steps to preclude their mail
> server from passing on such emails. Many ISPs have such filtering
> capabilities.
>
>
> Bruce Chambers
> --
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on
> having both at once. - RAH
>
>
> "Jim Licata" <anonymous@discussions.microsoft.com> wrote in message
> news:2597301c460aa$2e2ceee0$a501280a@phx.gbl...
>> I received an email claiming to be a Microsoft Security
>> Update. It claimed there was a new security fix out today
>> for IE 6, SP2. It provided a link to
>> http://www.microsoft.com/downloadiect. My system
>> currently has a virus Norton 2004 is not blocking, and is
>> acting funky in a number of ways. I have become very
>> suspicious of provided links lately. I cannot find
>> anything like this download by directly browsing the
>> Microsoft.com or Microsoft.com/download sites. If
>> Microsoft really created these, why can't I find any
>> reference to IE6 SP2 without using this link?
>>
>> Is there a way to forward something like this email to
>> Microsoft so they can take action if it's false. It sure
>> looks real, but I have my doubts.
>>
>> Jim
>>
>
>

Quantcast