lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0HD100KUBOQP5N@smtp2.clear.net.nz>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Fwd: Internet Security Update

Brad Knowles <brad.knowles@...net.be> wrote:

>  I don't think this is a real Microsoft security announcement 
> (they wouldn't be likely to be sent via an unknown IP address over in 
> the space owned by hiwaay.net), but it does appear to be the result 
> of a hoax, a virus, or a Trojan Horse that I have not yet heard of.

Very good Watson...

>  I've done various searches via Google and on the web sites of the 
> anti-virus vendors, and haven't turned up anything on this issue. 

What did you search for???

> Have I missed something?

The daily application of a clue-by-four?

Here is the beginning of the message of which you were suspicious:

> Microsoft Customer
> <BR><BR>
> this is the latest version of security update, the<BR>
> "April 2003, Cumulative Patch" update which eliminates<BR>
> all known security vulnerabilities affecting Internet Explorer,<BR>
> Outlook and Outlook Express as well as five newly<BR>

Note the obvious (to native English speakers) grammatical error 
common to folk who learnt English as a second language who often 
struggle with articles?

Note the sentence does not start with an uppercase letter?

Both good clues in themselves that this is not from Microsoft without 
even having to worry about looking at the headers.  Oh yes, and 
Microsoft, as a matter of policy _never_ sends patches or updates via 
Email:

   http://www.microsoft.com/technet/security/policy/swdist.asp

Googling for the phrase "this is the latest version of security 
update" turned up about 780 hits, the first ten of which were all 
antivirus developer virus descriptions or various security company or 
security service teams' warnings about the (then) new Gibe.B virus.

When was "then"?

23 February was the date Gibe.B was discovered.

Finally, isn't it illegal in Belgium to spread viruses?  I hope any 
members of your local constabulary on this list take a lenient view 
of your including what you clearly thought was a suspicious 
attachment (and is, in fact, a virus) in your post to many thousands 
of people...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ