"Grumman-581" <***@DIE-SPAMMER-***@houston.rr.com> entertained us with:
:You get stuck applying MS security patches for the next year?
Speaking of which, did anyone else get a bunch of e-mail's from
<quote>microsoft</unquote> today. They come complete with a patch.exe file, and
this sort of text:
"Microsoft Consumer
this is the latest version of security update, the "September 2003, Cumulative
Patch" update which fixes all known security vulnerabilities affecting MS
Internet Explorer, MS Outlook and MS Outlook Express as well as three newly
discovered vulnerabilities. Install now to protect your computer. This update
includes the functionality of all previously released patches. "
The file passes my ISP's virus scanner and mine as well. I use Norton.
Of course the Microsoft Website says this:
"Microsoft Policies on Software Distribution
An important key to safe computing is to never use software from unknown
sources. As pointed out in a CERT advisory, malicious users often use "Trojan
Horses" to deliver harmful software onto unwary users' computers. A Trojan Horse
is a piece of software that appears to do something useful, but which actually
performs hidden, usually damaging, action on the user's computer. For example, a
malicious user might develop a game program that deliberately erases files on
the user's computer while it runs, and distribute it via a web site.
Another Trojan Horse mechanism that is frequently used is to send malicious
software to users via e-mail, claiming that it is a product upgrade from a
software vendor. Recently, several people have done this, sending e-mails that
contain software attachments to wide audiences on the Internet. The e-mails
claim that the attachments are product upgrades from Microsoft or other software
vendors, but in fact they are harmful software that may damage the user's
software and files when they run the attachments.
Microsoft never distributes software directly via e-mail.
We distribute software on physical media like CD ROMs and floppy disks.
We distribute upgrades via the Internet. When we do this, the software will be
available via our web site, http://www.microsoft.com, or through
http://www.microsoft.com/downloads/search.asp?.
We occasionally send e-mail to customers to inform them that upgrades are
available. However, the e-mail will only provide links to the download sites --
we will never attach the software itself to the e-mail. The links will always
lead to either our web site or our FTP site, never to a third-party site.
We always use Authenticode to digitally sign our products and allow you to
ensure that they have not been tampered with.
If you receive an e-mail that claims to contain software from Microsoft, do not
run the attachment. The safest course of action is to delete the mail
altogether. If you would like to take additional action, report the e-mail to
the sender's Internet Service Provider. Most ISPs provide an "abuse" userid for
this purpose. "
Dan Bracuk
As Big Ben said to the Leaning Tower of Pisa, I've got the time if you've got the inclination.
The Best of Rec.Scuba
http://www.pathcom.com/~bracuk/RecScuba/
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----