General discussion

  • Creator
    Topic
  • #2176913

    well now, isn’t that interesting…

    Locked

    by jaqui ·

    email supposedly from microsoft with security updates for ie, outbreak, outbreak express.

    it was addressed to microsoft user.

    and gibberish email addy in to field:

    Subject:
    *TELUS Detected Spam*: New Net Critical Upgrade
    From:
    “Microsoft Security Bulletin” < >
    Date:
    Sat, 12 Mar 2005 00:42:53 +0100 (added by postmaster@mail-relay-1.tiscali.it)
    To:
    “Commercial Consumer”
    X-UIDL:
    <4202030C0058A13C@mail-relay-1.tiscali.it>
    X-Mozilla-Status:
    0001
    X-Mozilla-Status2:
    10000000
    Return-Path:

    Received:
    from mail-relay-1.tiscali.it ([213.205.33.41]) by priv-edtnes82.telusplanet.net (InterMail vM.6.01.04.00 201-2131-118-20041027) with ESMTP id <20050311234816.OGE17255.priv-edtnes82.telusplanet.net@mail-relay-1.tiscali.it> for ; Fri, 11 Mar 2005 16:48:16 -0700
    Received:
    from tuflik (82.84.149.21) by mail-relay-1.tiscali.it (7.1.021.3) id 4202030C0058A13C; Sat, 12 Mar 2005 00:42:53 +0100
    Message-ID:
    <4202030C0058A13C@mail-relay-1.tiscali.it> (added by postmaster@mail-relay-1.tiscali.it)
    MIME-Version:
    1.0
    Content-Type:
    multipart/mixed; boundary=”nceykljrmmdsrex”

    Microsoft All Products | Support | Search | Microsoft.com Guide
    Microsoft Home

    Microsoft Consumer

    this is the latest version of security update, the “March 2005, Cumulative Patch” update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help maintain the security of your computer. This update includes the functionality of all previously released patches.

    System requirements Windows 95/98/Me/2000/NT/XP
    This update applies to MS Internet Explorer, version 4.01 and later
    MS Outlook, version 8.00 and later
    MS Outlook Express, version 4.01 and later
    Recommendation Customers should install the patch at the earliest opportunity.
    How to install Run attached file. Choose Yes on displayed dialog box.
    How to use You don’t need to do anything after installing this item.

    Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

    Thank you for using Microsoft products.

    Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
    The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

    Contact Us | Legal | TRUSTe
    ?2005 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility
    installer681.exe

    Content-Type:
    application/x-msdownload
    Content-Encoding:
    base64

All Comments

  • Author
    Replies
    • #3350911
      Avatar photo

      Well with all the mistakes

      by hal 9000 ·

      In reply to well now, isn’t that interesting…

      IT just could be from MS couldn’t it? 😉

      But that would be a first MS sending out an EXE as an attachment somehow I would bin it but I wonder just how many where sucked in but it. 😀

      Col ]:)

      • #3350897

        probably a

        by jaqui ·

        In reply to Well with all the mistakes

        lot of people.

        I did report to both security focus and microsoft with the content posted here.

        both received the info that I’m linux only so even the subject was obvious it wasn’t for real.

      • #3347239

        No attachments please

        by gunnar klevedal ·

        In reply to Well with all the mistakes

        I have very ernestly told all our end users that Microsoft never would send them an update in the form of an attachment, and that they never will.

        • #3335640
          Avatar photo

          I know that too

          by hal 9000 ·

          In reply to No attachments please

          But just how many home users do?

          I’m constantly telling people that MS never send out attachments for anything unless it is something that you have talked to a tech about and even then it is a rare event. I’ve only had one in my life time and that was something that was not even at the Beta test stage but it did cure a problem that we where experiencing and it wasn’t available from the MS download site so they had to send me the copy.

          But because that looks so realistic and so few people actually get the MS Security Bulletins most would think that it was real and just install it.

          I wonder what it does?

          Any ideas?

          Col

    • #3350901

      Speaking of F-Ups –

      by dafe2 ·

      In reply to well now, isn’t that interesting…

      Check this out:

      http://techrepublic.com.com/5208-6230-0.html?forumID=5&threadID=155727&messageID=1688421

      http://techrepublic.com.com/5208-6230-0.html?forumID=8&threadID=164853&messageID=1724750

      Gotta wonder how many people fall for that stuff today????

      May wife saw a few Bank Phishes the other day in her mail too. (That scares me …. she’s blonde)LOL

      • #3350898

        ~lol~

        by jaqui ·

        In reply to Speaking of F-Ups –

        so’s mine.

        but for some reason I don’t worry about that.
        ( she doesn’t trust emails from a bank )

        • #3350895

          Ditto

          by dafe2 ·

          In reply to ~lol~

          She doesn’t either………….but she does have all the ‘traits’ sometimes. LOL

          Last night:

          We were watching TV (With my three year old daughter in the room.) So I asked my wife –> ya wanna ‘duck’?

          ROFL…………

          I thought she was headed for the grocery store….instead of the bed. Yup, true blond.

      • #3347230

        Actually, the colour of your hair….

        by gunnar klevedal ·

        In reply to Speaking of F-Ups –

        Actually, the colour of your hair don’t make you a bimbo. Not your sex either. Most of us do the best we could.

        Tribute goes to Steve Wozniak

    • #3350863

      Glitch

      by deepsand ·

      In reply to well now, isn’t that interesting…

      • #3350859

        that’s kind of my points

        by jaqui ·

        In reply to Glitch

        to make them more precise:
        1) I do not have windows, so something that starts with Microsoft Consumer is a giveaway it’s spam.
        2) even if I had windows, I wouldn’t be using the email address it showed up on for contact, that is my development list address.

        anything from microsoft, msn or any variation thereof, is assumed to be spam, as I have no dealings with microsoft.

    • #3350860

      Last legit MS Security Bulletin e-mail was 08MAR05.

      by deepsand ·

      In reply to well now, isn’t that interesting…

      Legit ones employ PGP; they never contain attachments; and, they only advise of new & revised Security Bulletins available at MS’s site.

      For purposes of comparision, below is most recent one.

      ==================================================

      Date: Tue, 08 Mar 2005 03:21:51 PM EST
      From: “Microsoft” <10_11043_iTuibh3b/kap1M528EMx1w@newsletters.microsoft.com>
      To:
      Subject: Microsoft Security Bulletin Minor Revisions

      ——————————————————————————–

      —–BEGIN PGP SIGNED MESSAGE—–
      Hash: SHA1

      ********************************************************************
      Title: Microsoft Security Bulletin Minor Revisions
      Issued: March 8, 2005
      ********************************************************************

      Summary
      =======
      The following bulletins have undergone a major revision increment.
      Please see the appropriate bulletin for more details.

      * MS05-002
      * MS05-015

      Bulletin Information:
      =====================

      * MS05-002

      http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx
      – Reason for re-release: Frequently Asked Questions updated to
      reflect Windows 98, 98SE and ME security update availability.

      – Originally posted: January 11, 2005
      – Updated: March 8, 2005
      – Bulletin Severity Rating: Critical
      – Version: 1.2

      * MS05-015

      http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx
      – Reason for re-release: Frequently Asked Questions updated to
      reflect Windows 98, 98SE and ME security update availability.

      – Originally posted: February 8, 2005
      – Updated: March 8, 2005
      – Bulletin Severity Rating: Critical
      – Version: 1.2

      ********************************************************************

      Support:
      ========
      Technical support is available from Microsoft Product Support
      Services at 1-866-PC SAFETY (1-866-727-2338). There is no
      charge for support calls associated with security updates.
      International customers can get support from their local Microsoft
      subsidiaries. Phone numbers for international support can be found
      at: http://support.microsoft.com/common/international.aspx

      Additional Resources:
      =====================
      * Microsoft has created a free monthly e-mail newsletter containing
      valuable information to help you protect your network. This
      newsletter provides practical security tips, topical security
      guidance, useful resources and links, pointers to helpful
      community resources, and a forum for you to provide feedback
      and ask security-related questions.
      You can sign up for the newsletter at:

      http://www.microsoft.com/technet/security/secnews/default.mspx

      * Protect your PC: Microsoft has provided information on how you
      can help protect your PC at the following locations:

      http://www.microsoft.com/security/protect/

      If you receive an e-mail that claims to be distributing a
      Microsoft security update, it is a hoax that may be distributing a
      virus. Microsoft does not distribute security updates via e-mail.
      You can learn more about Microsoft’s software distribution
      policies here:

      http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

      ********************************************************************
      THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
      PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT
      DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
      THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
      PURPOSE.
      IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
      LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
      INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
      DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
      ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
      SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
      FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
      LIMITATION MAY NOT APPLY.
      ********************************************************************

      —–BEGIN PGP SIGNATURE—–
      Version: PGP 8.1

      iQIVAwUBQi30k4reEgaqVbxmAQLF4Q/+MY6Fd+qMBEzZeTWWaqZkDqBEmsgc77ss
      IGmrz0Jz19Nz6eJu5ndlVGIbHi8eA79qT39NOPOGqsgZD9lYcil8qcusqrGHmB1p
      Pi4szxQw7lZYlE6GILAT5WT/JYPK8nPeDLAUirz8vU5uV8/PA617iddGIllK/hmU
      owKu3e/NLo88OEggew0/WbpwEFEFu40IJ5dAhi+1zZyQ6zlCFkcTnr6gBXVZrxMd
      7lgkNMrDVjqFD4LBSW91stm62+OTTh9Je99XDkSGrmvvfpnftSwbkfuj0vT++bP5
      6zwDo18HmotB0qyh/RkMEVXbzN7wH2iVRtyvq9biccAFk8Xccjbv0MFzUePpuES/
      UWeQsMknKfCw/B0HqBAFwvg1EB0i/aWQNX6z7xedcYn6NhBwKng/35XKUWYMPaHP
      BENSfna1fjpzknhkIjUwVfla5+mviqfxK5X6UsM4QAG7IAVOGzxpEU4ZdubSjsy5
      JAyMJxiKIRMJXNNlP1D1jEiY8a7MLOnZfcl9aEHbBIN+o+OuITRLKv+X8peNab3I
      gNo5qlyV2S4oiecaZFdJM4jrJe2HW+Eq5Lyn9HNK7tYv5V2o5Cs5TIC7y7FHSjNG
      80TuumHbqTNS7TmUoZY9/LvWqmoZSaNgPIT4vwUqDZVZYm0RaAMqvsVbIL6mCIOI
      h8QgRkHl7sw=
      =JABV
      —–END PGP SIGNATURE—–
      To cancel your subscription to this newsletter, reply to this message with the
      word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the
      Microsoft.com web site <http://www.microsoft.com/misc/unsubscribe.htm>. You can
      manage all your Microsoft.com communication preferences at this site.

      Legal Information <http://www.microsoft.com/info/legalinfo/default.mspx>.

      This newsletter was sent by the Microsoft Corporation
      1 Microsoft Way
      Redmond, Washington, USA
      98052

      • #3350814

        in other words

        by jaqui ·

        In reply to Last legit MS Security Bulletin e-mail was 08MAR05.

        they don’t send an email without you subscribing to get them.

        I don’t use ms products at all, so I don’t ever expect to need ms to send me somethng.

        • #3331228

          Correct.

          by deepsand ·

          In reply to in other words

          In fact, if you examine the header of the e-mail you received, you’ll see that it did’nt come from MS at all.

        • #3331211

          I knew that before I finished reading the subject line

          by jaqui ·

          In reply to Correct.

          I never said the thing came from microsoft.
          I said it’s an interesting malware/spam/phishing attempt.

        • #3347222

          For the benefit of others.

          by deepsand ·

          In reply to I knew that before I finished reading the subject line

          I assumed nothing re. your understanding of such.

          However, I did allow for the possiblility that there may be others present who might not have examined, or even know how to examine, the header.

          This post was intended for the general benefit of all, not as a critique of your knowledge and skills.

      • #3347200

        Thanks, I registered 1 minute ago

        by gunnar klevedal ·

        In reply to Last legit MS Security Bulletin e-mail was 08MAR05.

        Thanks Deepsand
        I registered to the newsletter 1 minute ago.
        By the way, all this dotnet jive, Would it be an MS reply to J2EE?

    • #3331378

      MS people are illiterate!!

      by jaqui ·

      In reply to well now, isn’t that interesting…

      full email I got back from them, after cutting the email that started this thread.
      Subject:
      CST188598458ID – RE:Microsoft.Com ContactUS
      From:
      “Microsoft ContactUs”
      Date:
      Sat, 12 Mar 2005 20:00:05 -0800
      To:

      X-UIDL:
      <02b801c52781$23a641d0$0855fd0a@partners.extranet.microsoft.com>
      X-Mozilla-Status:
      0003
      X-Mozilla-Status2:
      00000000
      Return-Path:

      Received:
      from smtphost2.microsoft.com ([131.107.3.117]) by priv-edtnes16.telusplanet.net (InterMail vM.6.01.04.00 201-2131-118-20041027) with ESMTP id <20050313040005.RFNH3983.priv-edtnes16.telusplanet.net@smtphost2.microsoft.com> for ; Sat, 12 Mar 2005 21:00:05 -0700
      Received:
      from EXT-SMTP-01.partners.extranet.microsoft.com ([10.251.70.190]) by smtphost2.microsoft.com with Microsoft SMTPSVC(6.0.3790.1802); Sat, 12 Mar 2005 20:00:02 -0800
      Received:
      from tksdspsmtcss02.partners.extranet.microsoft.com ([10.251.84.153]) by EXT-SMTP-01.partners.extranet.microsoft.com with Microsoft SMTPSVC(6.0.3790.211); Sat, 12 Mar 2005 20:01:18 -0800
      Received:
      from mail pickup service by tksdspsmtcss02.partners.extranet.microsoft.com with Microsoft SMTPSVC; Sat, 12 Mar 2005 20:00:05 -0800
      X-Originating-IP:
      10.251.84.153
      Thread-Topic:
      CST188598458ID – RE:Microsoft.Com ContactUS
      X-Mailer:
      Microsoft CSS 2000
      X-CSSTicketID:
      188598458
      thread-index:
      AcUngSOjFTUN+9uFRemauOlsLKr9Bg==
      Message-ID:
      <02b801c52781$23a641d0$0855fd0a@partners.extranet.microsoft.com>
      MIME-Version:
      1.0
      Content-Type:
      multipart/alternative; boundary=”—-=_NextPart_000_02B9_01C5273E.158301D0″
      Content-Class:
      urn:content-classes:message
      Importance:
      normal
      Priority:
      normal
      X-MimeOLE:
      Produced By Microsoft MimeOLE V6.00.3790.132
      X-OriginalArrivalTime:
      13 Mar 2005 04:00:05.0323 (UTC) FILETIME=[23B499B0:01C52781]
      Return-Path:
      microsoftcom_contactus@css.one.microsoft.com

      Hello,

      Thank you for contacting Microsoft.com Customer Support.

      I know how important it is for you to know if this is really from Microsoft or not. The notification you received is not from Microsoft.

      Microsoft never widely distributes software, or any attachments, through e-mail, even in our security updates. Here are some guidelines to help you identify whether or not a Microsoft security-related message is genuine:
      http://www.microsoft.com/security/incident/authenticate_mail.mspx

      For more information about Microsoft’s software distribution policies, please visit:
      http://www.microsoft.com/technet/Security/topics/policy/swdist.mspx

      Certain worms and viruses, as well as malicious individuals, have been known to send bogus bulletins that appear to be coming from Microsoft, a tactic known as spoofing. Unfortunately, this is a result of the flexibility of e-mail standards and Microsoft cannot do anything to stop these emails. If you do not wish to receive these emails, you may want to contact your ISP (Internet Service Provider), which is the only point where delivery can be prevented.

      Please be wary of attachments, even if it is from someone you know, since some viruses spread by mailing themselves to contacts in an infected computer’s address book. If you have any doubts about the safety of an attachment, check with the source before opening it.

      To ensure that your system is totally protected, Microsoft strongly recommends that you visit the site http://www.microsoft.com/protect and follow the instructions there to protect your PC. Performing these steps will ensure that your system is safe from viruses and worms.

      Again, thank you for checking with us. Feel free to contact us again if you have other questions or concerns.

      Sincerely,

      Jing
      Microsoft.com Customer Support

      — Original Message —
      From: jaqui@telus.net
      To: microsoftcom_contactus@css.one.microsoft.com
      Sent: Fri Mar 11 16:12:25 PST 2005
      Subject: Microsoft.Com ContactUS

      URL:http://register.microsoft.com/contactus30/contactus.asp?domain=generic
      LANG:English (United States)
      LOC:US
      BBR:linux i686/mozilla/5.0 (x11; u; linux i686; en-us; /en-ca,en;qsince when do you send an update email to random email addresses?

      this is a phishing attempt, and spam.

      following is entire email including full headers:

      Subject:
      *TELUS Detected Spam*: New Net Critical Upgrade

      what could be simpler than the posting bit between their reply and this comment, yet they couldn’t get it right in thier reply.

      • #3331373

        P.S.

        by jaqui ·

        In reply to MS people are illiterate!!

        my reply to this iggeramos that doesn’t know how to read, nor how to follow proper netiqette and BOTTOM post in email and newsgroups is censored, as completely unsuitable for public broadcast.

        • #3331297
          Avatar photo

          Now you have got me interested

          by hal 9000 ·

          In reply to P.S.

          Do you want to send it to me through the Peer Mail?

          I particularly liked the bit about the Open E-Mail standards which MS is solely responsible for anyway. 😉

          Col ]:)

        • #3331210

          ms set netiquette standards??/

          by jaqui ·

          In reply to Now you have got me interested

          that are most commonly reffered to on / in open source lists / discussions?

          news to me.

          since microsoft is the worst offender at meeting those standards.
          ( besides, the open source develppment group tends to beleive posix standards, or ieee standards are far more viable than anything ms says.
          ( at least the sites and groups I tend to be more involved with..the ones with no wish for microshaft compatibility.

        • #3331182
          Avatar photo

          OK maybe I should have put it a little differently

          by hal 9000 ·

          In reply to ms set netiquette standards??/

          What I actually meant was that either Outlook Express or Outlook leave a lot to be desired and they are now the main E-Mail clients being used by most people.

          While I can see just why some may not want MS compatibility that just isn’t an option from my prospective but then again I work in the small business sphere so everything that I install has to be MS compatible because it is so widely used. But at the same time the people want secure systems and still have MS products running on them. 😀

          One guy was so insistent back in the 95 days that I took an old Power Supply pulled its guts out and used epoxy to fill in the power socket. I then set it on his desk and told him that he had a fully secure Workstation. 😉 When he wanted to start it up he realized that he couldn’t plug the thing in and was a bit upset I just told him I had supplied a system to his specifications then pulled out the dud PS and fitted the new one and told him that he had to make compromises in security as there was no way that I could guarantee that his data could not be stolen by someone gaining access to his computer.

          God it felt good but I’ve haven’t been able to do something like that since. 🙁

          Col ]:)

      • #3347220

        Shouldn’t put them all in one bunch though

        by gunnar klevedal ·

        In reply to MS people are illiterate!!

        Guess they’re all different, when it comes to it.

        • #3335638
          Avatar photo

          So just how far do you trust

          by hal 9000 ·

          In reply to Shouldn’t put them all in one bunch though

          Any end user?

          I don’t think them stupid but I also don’t trust them too much either. I think it is more a case of a Little Knowledge being dangerous and I try to protect my end users from things like this.

          I do however agree that they are all different but that doesn’t make them all computer savvy either.

          Col ]:)

      • #3347039

        Learn to read the Microsoft Way

        by bfilmfan ·

        In reply to MS people are illiterate!!

        “Just give me all your money and I will read to you.”

        New enpowerment slogan at Microsoft Literacy University.

        “Beep, Beep.”

        • #3335636
          Avatar photo

          Being serious for a moment

          by hal 9000 ·

          In reply to Learn to read the Microsoft Way

          Have you any idea what this one does?

          I haven’t got one so I haven’t had a chance to try it out in a controlled environment. Maybe things are getting better in the IT world or this is just a slow spreading problem. 😉

          I’m inclined to think it is the latter though. 😀

          Col ]:)

        • #3335607

          I-worm/Swen

          by jaqui ·

          In reply to Being serious for a moment

          that was the viral payload.

        • #3335570
          Avatar photo

          Thanks Jaqui

          by hal 9000 ·

          In reply to I-worm/Swen

          For the info that will prove helpful when I eventually get some of the customers who deploy it which is bound to happen.

          Col ]:)

    • #3347255

      You were not fooled, but…

      by gunnar klevedal ·

      In reply to well now, isn’t that interesting…

      You were not fooled, but I could mention dozens of people who would be. And it would never occur to me to call them stupid.
      I have warned our users to be careful with attachments. Luckily (?) our messaging system blocks all executable files, but at home they ain’t got this protection. As for now, most viruses and malware don’t write in Swedish.

      Tribute goes to John Socha, software hero of the eighties

Viewing 5 reply threads