[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0HD100KUBOQP5N@smtp2.clear.net.nz>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Fwd: Internet Security Update
Brad Knowles <brad.knowles@...net.be> wrote:
> I don't think this is a real Microsoft security announcement
> (they wouldn't be likely to be sent via an unknown IP address over in
> the space owned by hiwaay.net), but it does appear to be the result
> of a hoax, a virus, or a Trojan Horse that I have not yet heard of.
Very good Watson...
> I've done various searches via Google and on the web sites of the
> anti-virus vendors, and haven't turned up anything on this issue.
What did you search for???
> Have I missed something?
The daily application of a clue-by-four?
Here is the beginning of the message of which you were suspicious:
> Microsoft Customer
> <BR><BR>
> this is the latest version of security update, the<BR>
> "April 2003, Cumulative Patch" update which eliminates<BR>
> all known security vulnerabilities affecting Internet Explorer,<BR>
> Outlook and Outlook Express as well as five newly<BR>
Note the obvious (to native English speakers) grammatical error
common to folk who learnt English as a second language who often
struggle with articles?
Note the sentence does not start with an uppercase letter?
Both good clues in themselves that this is not from Microsoft without
even having to worry about looking at the headers. Oh yes, and
Microsoft, as a matter of policy _never_ sends patches or updates via
Email:
http://www.microsoft.com/technet/security/policy/swdist.asp
Googling for the phrase "this is the latest version of security
update" turned up about 780 hits, the first ten of which were all
antivirus developer virus descriptions or various security company or
security service teams' warnings about the (then) new Gibe.B virus.
When was "then"?
23 February was the date Gibe.B was discovered.
Finally, isn't it illegal in Belgium to spread viruses? I hope any
members of your local constabulary on this list take a lenient view
of your including what you clearly thought was a suspicious
attachment (and is, in fact, a virus) in your post to many thousands
of people...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists