Full Disclosure mailing list archives
Re: Fwd: Internet Security Update
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 09 Apr 2003 09:51:58 +1300
Brad Knowles <brad.knowles () skynet be> wrote:
I don't think this is a real Microsoft security announcement (they wouldn't be likely to be sent via an unknown IP address over in the space owned by hiwaay.net), but it does appear to be the result of a hoax, a virus, or a Trojan Horse that I have not yet heard of.
Very good Watson...
I've done various searches via Google and on the web sites of the anti-virus vendors, and haven't turned up anything on this issue.
What did you search for???
Have I missed something?
The daily application of a clue-by-four? Here is the beginning of the message of which you were suspicious:
Microsoft Customer <BR><BR> this is the latest version of security update, the<BR> "April 2003, Cumulative Patch" update which eliminates<BR> all known security vulnerabilities affecting Internet Explorer,<BR> Outlook and Outlook Express as well as five newly<BR>
Note the obvious (to native English speakers) grammatical error common to folk who learnt English as a second language who often struggle with articles? Note the sentence does not start with an uppercase letter? Both good clues in themselves that this is not from Microsoft without even having to worry about looking at the headers. Oh yes, and Microsoft, as a matter of policy _never_ sends patches or updates via Email: http://www.microsoft.com/technet/security/policy/swdist.asp Googling for the phrase "this is the latest version of security update" turned up about 780 hits, the first ten of which were all antivirus developer virus descriptions or various security company or security service teams' warnings about the (then) new Gibe.B virus. When was "then"? 23 February was the date Gibe.B was discovered. Finally, isn't it illegal in Belgium to spread viruses? I hope any members of your local constabulary on this list take a lenient view of your including what you clearly thought was a suspicious attachment (and is, in fact, a virus) in your post to many thousands of people... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S, (continued)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Nick FitzGerald (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Brad Knowles (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Michael Osten (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Ron DuFresne (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Ward Vandewege (Apr 09)
- RE: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Ed Carp (Apr 09)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] madsaxon (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Jurjen Oskam (Apr 10)
- RE : RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Nicolas Villatte (Apr 08)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Jurjen Oskam (Apr 10)
- Re: Fwd: Internet Security Update Brad Knowles (Apr 08)
- RE: Fwd: Internet Security Update Ed Carp (Apr 08)
- Re: Fwd: Internet Security Update Ron DuFresne (Apr 08)