Suspicious email

  • Thread starter Thread starter Brad Jones
  • Start date Start date
B

Brad Jones

We have been getting repeated emails claiming to be from
microsoft with an attachment the email says is a patch for
viruses. Since we have autoupdate I am pretty sure this is
some kind of virus itself and I have been deleting them
immediately. AFter about 10 incidents of this I thought
I'd forward to microsoft for evaluation, but I can't find
an email for them that is working. Anyone know anything
about this email? It says it comes from
"(e-mail address removed)".
 
Hi Brad - These attachments are viruses - don't open them - just delete
them. Microsoft NEVER sends updates or patches by email.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In
 
You made the same mistake i did - you used your real email
address. my yahoo mail box now fills to over capacity in
about 4 hours with this funky hoax email. Maybe if
everybody used a phony address, or the same one, like a
Microsoft address Microsoft would do something about it.
NOT!
 
Greetings --

What you received is either a very common malicious hoax or the
output of a computer infected by one of several wide-spread, mass
emailing worms. The most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Microsoft never has, does not currently, and never will email
unsolicited security patches. At the most, if, and only if, you
subscribe to their security notification newsletter, they will send
you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.

There's probably no way of blocking all of the bogus messages, but
you can greatly reduce the number you get by creating a rule, based
upon the most commonly used subject lines, to delete the emails from
the server without ever downloading them.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
If you change your return address to (e-mail address removed) that would put them on
the list, but might you in some hot water.

don
-----------------
You made the same mistake i did - you used your real email
address. my yahoo mail box now fills to over capacity in
about 4 hours with this funky hoax email. Maybe if
everybody used a phony address, or the same one, like a
Microsoft address Microsoft would do something about it.
NOT!
 
Bruce, Comes charging like a knight in shining armor. I can just picture it, can
you?

good work Bruce,
don
------------
Greetings --

What you received is either a very common malicious hoax or the
output of a computer infected by one of several wide-spread, mass
emailing worms. The most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Microsoft never has, does not currently, and never will email
unsolicited security patches. At the most, if, and only if, you
subscribe to their security notification newsletter, they will send
you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.

There's probably no way of blocking all of the bogus messages, but
you can greatly reduce the number you get by creating a rule, based
upon the most commonly used subject lines, to delete the emails from
the server without ever downloading them.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Back
Top