Re: New virus disguised as Microsoft patch?

["Meritt James" <meritt_james () bah com>]

I'd like to add a couple of things:

1. I am unaware of ANY vendor (not even micro$oft!) that emails security
patches.  The procedure I've seen is to email the notification then YOU
go to their site and acquire the patch.

2. It has an attchment that is an executable.  An unrequested executable
is almost always a BAD THING.

Add that to the wierd addresses that you mentioned, and it would be a
baddie from the word "go".

Jim

"Kevin N. Carpenter" wrote:
> I too have received several of these todays.  The only hint was the
> sender address, and some slightly strange wording.
>
> Kevin C.
>
> David Gillett wrote:
>
> >  No, this isn't the crude "500,000 already infected!"
> > garbage.  This is an extremely polished and convincing
> > looking html email which claims to be a "September 2003,
> > Cumulative Patch" and includes an attached "patch8678.exe".
> >
> >  I've got four of these overnight, from broadband users
> > as far away from Microsoft as Greece.  Each is followed by
> > an odd little NDR, presumably reporting failed delivery of
> > a delivery confirmation message.
> >
> > David Gillett
> >
> >
> >
> > ---------------------------------------------------------------------------
> > ----------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
----------------------------------------------------------------------------