Full Disclosure mailing list archives

Re: FW: Last Microsoft Patch


From: "Mary Landesman" <mlande () bellsouth net>
Date: Thu, 16 Oct 2003 17:02:35 -0400

Thanks for the reminder on that.

So much of the focus is on the appearance of the email itself that sometimes
these smaller details are easy to forget, i.e. the fact that it can also
send itself as a bounce message or that it spoofs a variety of from
addresses. I wonder sometimes if the focus on the patch masquerade has
actually helped Swen's efforts to spread, since all the cautions are about
one specific facet of it. Hence, those users who aren't expecting it to be
in a bounce message might believe the bounce message to be legitimate and be
more inclined to open the attachment, not having "heard" about this as being
a threat.

organic memory parity error

My new favorite phrase! Now if I can only remember it...

-- Mary

----- Original Message ----- 
From: "Chris DeVoney" <cdevoney () u washington edu>
To: <full-disclosure () lists netsys com>
Sent: Thursday, October 16, 2003 2:54 PM
Subject: RE: [Full-disclosure] FW: Last Microsoft Patch


On Wednesday, October 15, 2003 4:41 PM, Mary Landesman wrote:

Swen also uses microsoft.com; the samples I have received do
so more often than not.

For a full list, see: http://www.f-secure.com/v-descs/swen.shtml

Thanks for the reminder on that. The first couple of these I received had
MSN.COM and MSNBC.COM and some pseudo security mail box from Microsoft.com.
The first two immediately made me darn suspicious even before the synapses
clicked on MS never e-mailing these things.

As for my using outdates vs. updates (which, mercifully, no one has pointed out
my obvious error), maybe there is a new outward patch delivery mechanism ...
or an organic memory parity error occurred.

cdv

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

