MS Update Email legit???

Cracker Jacks

I get an email from "MS Security Support" stating the following:
----------------------------------------
Microsoft Consumer

this is the latest version of security update, the "December 2003,
Cumulative Patch" update which fixes all known security vulnerabilities
affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as
three newly discovered vulnerabilities. Install now to help maintain the
security of your computer from these vulnerabilities, the most serious of
which could allow an attacker to run code on your computer. This update
includes the functionality of all previously released patches.
System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest
opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item
----------------------------------------------

This email also has a file attached to it: q392913.exe. I dare not open
it. I go to the MS Update center as I always do and it does a scan and does
not detect any updates that are required. Is this email legitimate or is
someone trying to send me a trojan/virus? If it is legitimate, then why
doesn't the update center also tell me I need this same update?

Also I am getting a lot of "Delivery Failure" emails from "admin" or
"Administartor" that do have attached virus files. Is there any way I can
detect or stop these emails from getting to my computer? Is there any way I
can find out the net/computer/IP involved and report this activity to help
put a stop to this behavior? Thanks in advance.
 
Bruce Chambers

Greetings --

What you received is either a very common, malicious hoax or the
output of a computer infected by one of several widely publicized,
wide-spread, mass emailing worms. This sort of email has been quite
common for at least the past 8 months. The most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if, and only
if, you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Grant

> Also I am getting a lot of "Delivery Failure" emails from "admin" or
> "Administartor" that do have attached virus files. Is there any way I can
> detect or stop these emails from getting to my computer? Is there any way I
> can find out the net/computer/IP involved and report this activity to help
> put a stop to this behavior? Thanks in advance.

I've been getting plenty of those too in a couple of my email accounts. One
thing you can do is not to post your email address anywhere...especially to the
newsgroups. Is (e-mail address removed) your real email address?

The virus in question harvests email addresses from the hard drives of people
that are infected. This means that if your email address is stored anywhere on
their computer, such as in their address book, Internet Explorer cache, or saved
newsgroup headers, it will start sending these messages to you.

One of my email addresses has been getting 50+ a day of both the Microsoft patch
and delivery failure notices. At one point if I didn't check my email every 2
hours my mailbox would overflow and good emails would get dropped.

Don't ever open any attachment that you weren't expecting, and even then run it
through a virus scanner before you open it.
 
Jim Macklin

If you are getting "returned mail" it might be sent to you
by the virus, but more likely your email address was
harvested on somebody's infected computer and they are
sending viruses to more people using your email address. The
ones you are getting are bounced because the email account
server could not deliver it for some reason and it sent YOU
a notice because your email address was the apparent sender.
Nothing you can do to stop that except change your email
address, which is often not an option.


 
Gary Tait

> If you are getting "returned mail" it might be sent to you
> by the virus, but more likely your email address was
> harvested on somebody's infected computer and they are
> sending viruses to more people using your email address. The
> ones you are getting are bounced because the email account
> server could not deliver it for some reason and it sent YOU
> a notice because your email address was the apparent sender.
> Nothing you can do to stop that except change your email
> address, which is often not an option.

The returned messages are a ruse too, I am 100% virii/worm free, and
get them.
 
Jim Macklin

If someone else has your email address in their computer and
they are infected, the virus will use your email address for
some of the mail it sends. You never need to be infected;
some friend is, and that is why your email address is used to
send viruses from their computer. When those emails can't
be delivered YOU get the notice because it is your address.


> On Mon, 22 Dec 2003 06:32:07 -0600, "Jim Macklin"
>
> > If you are getting "returned mail" it might be sent to you
> > by the virus, but more likely your email address was
> > harvested on somebody's infected computer and they are
> > sending viruses to more people using your email address. The
> > ones you are getting are bounced because the email account
> > server could not deliver it for some reason and it sent YOU
> > a notice because your email address was the apparent sender.
> > Nothing you can do to stop that except change your email
> > address, which is often not an option.
>
> The returned messages are a ruse too, I am 100% virii/worm free, and
> get them.
 
Grant

Jim Macklin said:
> If someone else has your email address in their computer and
> they are infected, the virus will use your email address for
> some of the mail it sends. You never need to be infected;
> some friend is, and that is why your email address is used to
> send viruses from their computer. When those emails can't
> be delivered YOU get the notice because it is your address.

I'm 99% sure that the failure notices are directly from the virus too, since
they originate from the same IP address, not the mail server.
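
Added example (editor's code, not written by any poster in this thread): one way to check the two things discussed above, namely whether a "Delivery Failure" message is a real bounce and which host handed it to your mail server. The sample messages, `mx.example.net`, the documentation-range IPs and the name `message.exe` are constructed; `q392913.exe` is the attachment name from the original question.

```python
import re
from collections import defaultdict
from email import message_from_string

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    # Only the topmost Received header is written by your own mail server;
    # everything below it can be forged by the sender.
    received = msg.get_all("Received") or []
    m = IP_RE.search(received[0]) if received else None
    return m.group(1) if m else None

def inspect_notice(raw):
    msg = message_from_string(raw)
    # A genuine bounce (RFC 3464) is multipart/report, report-type=delivery-status.
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    risky = [p.get_filename() for p in msg.walk()
             if (p.get_filename() or "").lower().endswith(RISKY_EXT)]
    return {"ip": connecting_ip(msg), "is_dsn": is_dsn, "risky": risky}

def group_by_ip(raws):
    # Messages sharing a connecting IP were delivered by the same host.
    groups = defaultdict(list)
    for raw in raws:
        info = inspect_notice(raw)
        groups[info["ip"]].append(info)
    return dict(groups)

def build(ip, subject, ctype, part_headers, part_body):
    # Constructed sample message, not real traffic.
    return (f"Received: from host (unknown [{ip}]) by mx.example.net\n"
            f"Subject: {subject}\nMIME-Version: 1.0\n"
            f'Content-Type: {ctype}; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nSee attachment.\n"
            f"--b\n{part_headers}\n\n{part_body}\n--b--\n")

EXE = 'Content-Type: application/octet-stream\nContent-Disposition: attachment; filename="{}"'
FORGED = build("192.0.2.45", "Delivery Failure", "multipart/mixed",
               EXE.format("message.exe"), "AAAA")
PATCH = build("192.0.2.45", "Cumulative Patch", "multipart/mixed",
              EXE.format("q392913.exe"), "AAAA")
GENUINE = build("198.51.100.7", "Delivery Failure",
                "multipart/report; report-type=delivery-status",
                "Content-Type: message/delivery-status", "Action: failed")

if __name__ == "__main__":
    for ip, infos in group_by_ip([FORGED, PATCH, GENUINE]).items():
        print(ip, infos)
```

A notice that is not `multipart/report`, carries an executable attachment, and shares its connecting IP with the fake patch mail fits the "sent directly by the infected machine" case; that IP and the full headers are what an ISP abuse desk needs.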
 
Jim Macklin

If they are from the same IP address, contact your ISP about
blocking that IP.


 
Cracker Jacks

Ok that's what I figured. I have been using MS since early DOS days and
have never seen them send out updates. This one sure looked like it came
from MS, graphics and all. I almost want to congratulate whoever made it up.

I use this email address to mislead spam and mischievous code senders
astray and can change or delete it any time through my ISP. Just a note to
the ones that send junk like this out, you're placing more work on your system
by sending it out than any harm you could (or ever have) done to mine. With
the incorporation of new laws and software to track down exactly where these
mischievous codes are coming from, your days are numbered Spam-a-Mites!
 
