[ale] OT: Mesg from M$

Bob Toxen bob at verysecurelinux.com
Sun Mar 23 21:33:18 EST 2003


Chris,
> I got the following text and a executable called update93.exe attached. 
> Is it viral.

Yes.  Microsoft NEVER sends security patches.  It is trivial to spoof
any source email address.  NEVER trust email, attachments ending in
.exe, .com, .sh, etc. unless you validate that the person who owns
the account has sent it and that they know what they are doing.  Note
that I suggest that you validate that the person ... (not just the
computer, which may have been compromised).


> Microsoft Corporation Customer 

> this is the latest version of security update, the
> "March 2003, Cumulative Patch" update which eliminates
> all known security vulnerabilities affecting Internet Explorer,
> Outlook and Outlook Express as well as five newly
> discovered vulnerabilities. Install now to protect your computer
> from these vulnerabilities, the most serious of which could allow
> an attacker to run executable on your system. This update includes
> the functionality of all previously released patches.


Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list