Security Incidents mailing list archives
Re: New virus disguised as Microsoft patch?
From: "Meritt James" <meritt_james () bah com>
Date: Mon, 22 Sep 2003 09:16:09 -0400
I'd like to add a couple of things: 1. I am unaware of ANY vendor (not even micro$oft!) that emails security patches. The procedure I've seen is to email the notification then YOU go to their site and acquire the patch. 2. It has an attchment that is an executable. An unrequested executable is almost always a BAD THING. Add that to the wierd addresses that you mentioned, and it would be a baddie from the word "go". Jim "Kevin N. Carpenter" wrote:
I too have received several of these todays. The only hint was the sender address, and some slightly strange wording. Kevin C. David Gillett wrote:No, this isn't the crude "500,000 already infected!" garbage. This is an extremely polished and convincing looking html email which claims to be a "September 2003, Cumulative Patch" and includes an attached "patch8678.exe". I've got four of these overnight, from broadband users as far away from Microsoft as Greece. Each is followed by an odd little NDR, presumably reporting failed delivery of a delivery confirmation message. David Gillett --------------------------------------------------------------------------- ------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- New virus disguised as Microsoft patch? David Gillett (Sep 20)
- Re: New virus disguised as Microsoft patch? Alex Lambert (Sep 20)
- Re: New virus disguised as Microsoft patch? Kevin N. Carpenter (Sep 20)
- Re: New virus disguised as Microsoft patch? Meritt James (Sep 22)
- Re: New virus disguised as Microsoft patch? Duston Sickler (Sep 20)
- RE: New virus disguised as Microsoft patch? Larry Seltzer (Sep 22)