Coffeehouse Thread

10 posts

Microsoft 'Security Update' virus

  • Manip

    E-mail I just received has blue Microsoft menus at the top and Microsoft graphics all over the place. Also had the W32/Swen@MM virus attached:

    Microsoft Consumer

    this is the latest version of security update, the "July 2004, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain the security of your computer from these vulnerabilities. This update includes the functionality of all previously released patches.


    System requirements: Windows 95/98/Me/2000/NT/XP
    This update applies to:
      MS Internet Explorer, version 4.01 and later
      MS Outlook, version 8.00 and later
      MS Outlook Express, version 4.01 and later
    Recommendation: Customers should install the patch at the earliest opportunity.
    How to install: Run attached file. Choose Yes on displayed dialog box.
    How to use: You don't need to do anything after installing this item.

    Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

    Thank you for using Microsoft products.

    Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

  • sbc

    What does an official Microsoft security email actually look like?

    They wouldn't attach files (link to download instead) and would not prefix products with MS (i.e. MS Internet Explorer). So, fake emails should be easy to spot.

  • jonathanh

    Sounds like a good email to forward to security@microsoft.com

  • manickernel

    The one I like best is the Beagle/Bagel virus that puts a message in the body berating the user for being a spammer and forges the local email domain, impersonating the "from:" field with admin@mydomain.com. Our firewall strips the virus attachment, but since the body goes through I constantly have users calling to ask forgiveness and not to cut off their email ;)

  • Manip

    jonathanh wrote:
    Sounds like a good email to forward to security@microsoft.com


    I did as soon as I read it (before I posted). I just thought I would post it, so that someone else wouldn't run the patch. I wouldn't have ever run the 'patch' even if my Anti-Virus hadn't detected it. But I will admit, it is a very good fake as far as fakes go.

  • Mike Dimmick

    sbc wrote:
    What does an official Microsoft security email actually look like?


    If y'all forgive a cut-and-paste job:

    Reply-To: <3_62796_9B16164D-B438-D311-821B-00805F773F1E_UK@Newsletters.Microsoft.com>
    From: "Microsoft" <0_62796_9B16164D-B438-D311-821B-00805F773F1E_UK@Newsletters.Microsoft.com>
    To: <my address>
    Subject: Microsoft Security Bulletin Re-Releases, June 2004

    -----BEGIN PGP SIGNED MESSAGE-----

    ********************************************************************
    Title: Microsoft Security Bulletin Re-Releases, June 2004
    Issued: June 15, 2004
    ********************************************************************

    Summary
    =======
    The following bulletins have undergone a major revision increment.
    Please see the appropriate bulletin for more details.

    * MS04-011

    Bulletin Information:
    =====================

    * MS04-011

      - http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
      - Reason for re-release: Updated bulletin to advise on the
        availability of an updated Windows NT 4.0 Workstation update for
        the Pan Chinese language. This update should be installed by
        customers even if the original update was installed.
      - Originally posted: April 13, 2004
      - Updated: June 15, 2004
      - Bulletin Severity Rating: Critical
      - Version: 2.0

    ********************************************************************

    Support:
    ========
    Technical support is available from Microsoft Product Support
    Services at 1-866-PC SAFETY (1-866-727-2338). There is no
    charge for support calls associated with security updates.
    International customers can get support from their local Microsoft
    subsidiaries. Phone numbers for international support can be found
    at: http://support.microsoft.com/common/international.aspx
     
    Additional Resources:
    =====================
    * Microsoft has created a free monthly e-mail newsletter containing
      valuable information to help you protect your network. This
      newsletter provides practical security tips, topical security
      guidance, useful resources and links, pointers to helpful
      community resources, and a forum for you to provide feedback
      and ask security-related questions.
      You can sign up for the newsletter at:

      http://www.microsoft.com/technet/security/secnews/default.mspx

    * Microsoft has created a free e-mail notification service that
      serves as a supplement to the Security Notification Service
      (this e-mail). It provides timely notification of any minor
      changes or revisions to previously released Microsoft Security
      Bulletins. This new service provides notifications that are
      written for IT professionals and contain technical information
      about the revisions to security bulletins.
      Visit http://www.microsoft.com to subscribe to this service:

      - Click on Subscribe at the top of the page.
      - This will direct you via Passport to the Subscription center.
      - Under Newsletter Subscriptions you can sign up for the
        "Microsoft Security Notification Service: Comprehensive Version".

    * Protect your PC: Microsoft has provided information on how you
      can help protect your PC at the following locations:

      http://www.microsoft.com/security/protect/

      If you receive an e-mail that claims to be distributing a
      Microsoft security update, it is a hoax that may be distributing a
      virus. Microsoft does not distribute security updates via e-mail.
      You can learn more about Microsoft's software distribution
      policies here:

    http://www.microsoft.com/technet/security/topics/policy/swdist.mspx


    ********************************************************************
    THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
    PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
    DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
    THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    PURPOSE.
    IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
    LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
    INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
    DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
    ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
    FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
    LIMITATION MAY NOT APPLY.
    ********************************************************************

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3

    -----END PGP SIGNATURE-----

     

    *******************************************************************

    You have received this e-mail bulletin because of your subscription to the Microsoft Product Security Notification Service.  For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.
     
    To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.
     
    To unsubscribe from the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp
     
    If you do not wish to use Microsoft Passport, you can unsubscribe from the Microsoft Security Notification Service via email as described below:
    Reply to this message with the word UNSUBSCRIBE in the Subject line.
     
    For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.

    --8<--8<--

    If you want to subscribe to the security notifications mailing list, go to http://www.microsoft.com/technet/security/bulletin/notify.mspx. Alternatively, there's an RSS feed at http://www.microsoft.com/technet/security/bulletin/secrss.aspx.

  • sbc

    All plain text then, with no logos. Free of attachments I guess?

    Does it really have a PGP signature? That's a bit of a surprise if it is true as Outlook does not support PGP natively.

  • LarryOsterman

    Yup, every official mailing from Microsoft's security people has had a PGP signature.  I'm not 100% sure why they don't do s/mime, maybe they do both.

  • sbc

    It's good that they have signatures - that way you can tell if an email actually comes from the person that it claims to have come from.

    That is something that should be easier to do with Outlook. An easy way to create signatures without the cost of getting a certificate from Verisign (preferably a free signature). Or some kind of extra header data sent with an email that cannot be spoofed by someone faking the 'from' email address. It is things like this that could help against spam.

  • Jaz

    What's been forgotten here is that MS never distribute patches via email, so even if an authentic looking email containing a patch/program comes from MS, it won't actually be from them.
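
A mail-gateway style triage of the signals raised in this thread (attachments, sender domain versus display name, PGP clearsign armor), added here as an example; it is not part of any post and not Microsoft's tooling. The function name, finding labels, extension list and both sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")  # assumed list
ARMOR = ("-----BEGIN PGP SIGNED MESSAGE-----",
         "-----BEGIN PGP SIGNATURE-----",
         "-----END PGP SIGNATURE-----")

def triage(raw):
    """Return a list of reasons a 'Microsoft security' mail looks fake."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # From is trivially forged, so a matching domain proves nothing;
    # a display name that disagrees with the domain is still worth flagging.
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if "microsoft" in name.lower() and not (
            domain == "microsoft.com" or domain.endswith(".microsoft.com")):
        findings.append("display-name-domain-mismatch")
    # The quoted bulletin says security updates are not distributed by e-mail.
    for part in msg.iter_attachments():
        findings.append("has-attachment")
        if (part.get_filename() or "").lower().endswith(RISKY_EXTS):
            findings.append("executable-attachment")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Armor lines only show the mail is shaped like a clearsigned bulletin;
    # the signature must still be verified against the sender's published key.
    if not all(marker in text for marker in ARMOR):
        findings.append("no-pgp-clearsign-armor")
    return findings

def sample(from_hdr, text, attachment=None):
    """Build a constructed test message (not a captured one)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["Subject"] = "Security update (constructed sample)"
    m.set_content(text)
    if attachment:
        m.add_attachment(b"harmless placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

FAKE = sample('"Microsoft" <sender@example.invalid>',
              "Run attached file. Choose Yes on displayed dialog box.\n",
              attachment="update.exe")
BULLETIN = sample('"Microsoft" <constructed@Newsletters.Microsoft.com>',
                  "\n".join([ARMOR[0], "", "Title: constructed bulletin text",
                             ARMOR[1], "(signature omitted)", ARMOR[2], ""]))
```

An empty result means only that none of these heuristics fired; authenticity still rests on verifying the clearsigned text with the key the sender publishes.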
