Interesting People mailing list archives
IP: Bogus Microsoft Security Bulletin
From: David Farber <dave () farber net>
Date: Fri, 20 Jul 2001 16:17:04 -0400
X-Sender: @ (Unverified)
Date: Thu, 19 Jul 2001 17:58:29 -0400
To: undisclosed-recipients:;
From: Monty Solomon <monty () roscom com>
Subject: Bogus Microsoft Security Bulletin

<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/news/bogus.asp>

Information on Bogus Microsoft Security Bulletin

Microsoft has learned that a malicious user is circulating an e-mail that purports to be a Microsoft Security Bulletin, and which directs the reader to download an executable file from a web site. Customers who receive such an e-mail should delete it, and under no circumstances should they download the executable.

The would-be bulletin claims to be Microsoft Security Bulletin MS01-037. However, the issue it describes is fictitious. In addition, it provides a link to a web site whose URL looks like the Microsoft web site, but in reality is not. The "patch" hosted on the site is a piece of hostile code that could enable an attacker to remotely control another user's system.

There are several dead giveaways that indicate that the e-mail isn't a bona fide security bulletin:

* The e-mail isn't signed using the Microsoft Security Response Center's PGP key. Microsoft always signs its bulletins before mailing them, and you can verify the signature using the key we publish at http://www.microsoft.com/technet/security/bulletin/notify.asp. If you are ever in doubt about the authenticity of a bulletin mailer you've received, consult the web-hosted bulletins on the Microsoft Security web site - the versions there are the authority versions.

* The e-mail contains a link to a supposed patch. Authentic bulletin mailers never provide a link to the patch; instead, they refer the reader to the complete version of the bulletin on our web site, which provides a link to the patch.

* The "patch" the bogus bulletin links to isn't digitally signed. Microsoft always digitally signs the patches it releases. Always be sure you check the signature of any executable before installing it on your system.

Microsoft is taking aggressive action to protect customers from this issue. We have contacted the Internet Service Provider where the counterfeit patch was hosted, and they have removed it. We also are working with the anti-virus community to ensure that current virus scanner products will detect the hostile code and remove it. Just the same, this is not the first time malicious users have issued counterfeit security bulletins, and it will likely not be the last. Microsoft urges customers to always verify any mail that claims to be a Microsoft security bulletin.
For archives see: http://www.interesting-people.org/
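
The giveaways listed in the bulletin above can be turned into a mail-triage check. The following is an added example, not part of the original message or of any Microsoft tooling: it flags a missing PGP clearsign block, a direct link to an executable, and a host that borrows the Microsoft name without being under microsoft.com. The function names, the extension list and the sample mails are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "microsoft.com"   # assumption: only this domain and its subdomains are genuine
EXECUTABLE_EXT = (".exe", ".scr", ".bat", ".pif", ".msi")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def is_trusted_host(host):
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def has_clearsign_armor(body):
    # Presence of the armor is only a pre-check; it proves nothing until the
    # signature is verified against the published key with a PGP tool.
    start = body.find("-----BEGIN PGP SIGNED MESSAGE-----")
    sig = body.find("-----BEGIN PGP SIGNATURE-----")
    end = body.find("-----END PGP SIGNATURE-----")
    return 0 <= start < sig < end

def triage_bulletin(body):
    """Return the giveaways found in a mail claiming to be a security bulletin."""
    findings = []
    if not has_clearsign_armor(body):
        findings.append("no-pgp-signature")
    for url in URL_RE.findall(body):
        parts = urlsplit(url.rstrip(".,;"))
        host = parts.hostname or ""
        if parts.path.lower().endswith(EXECUTABLE_EXT):
            findings.append("direct-executable-link:" + host)
        # netloc is checked so a brand name placed in the userinfo part is caught too
        if "microsoft" in parts.netloc.lower() and not is_trusted_host(host):
            findings.append("lookalike-host:" + host)
    return findings

# Constructed samples (not the real mails): example.net is a reserved domain.
BOGUS = """Microsoft Security Bulletin
Download the patch: http://www.microsoft.com.example.net/patch/fix.exe
"""
SIGNED_STYLE = """-----BEGIN PGP SIGNED MESSAGE-----

Full bulletin: http://www.microsoft.com/technet/security/bulletin/notify.asp

-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    print(triage_bulletin(BOGUS))
    print(triage_bulletin(SIGNED_STYLE))
```

An empty result means only that none of these giveaways fired; the signature itself still has to be verified against the published key.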