Virus disguised as MS Security bulletin or are we just paranoid?

TheMSsForum.com: The Microsoft Software Forum

My boss gets what looks like security bulletins from MS
regarding patches, but she doesn't think she ever signed
up for the service.
1. Is there a way we can check to see if we're on the
mailing list?

2. The reason it's critical is that Norton Antivirus 2003
Pro has identified at least one of these bulletins as
being infected. Does anyone know of viruses arriving
disguised as a security bulletin?

Thanks.
Top

Re: Virus disguised as MS Security bulletin or are we just paranoid? by grw

grw
Thu Sep 18 10:44:27 CDT 2003

If you search this group youll discover that every 10th message mentions the
same virus.
You arent paranoid - ms does not send patches as attachments.....


"Connie Sleger" <csleger@vsvh.org> wrote in message
news:006701c37df8$dcdcdfd0$a301280a@phx.gbl...
> My boss gets what looks like security bulletins from MS
> regarding patches, but she doesn't think she ever signed
> up for the service.
> 1. Is there a way we can check to see if we're on the
> mailing list?
>
> 2. The reason it's critical is that Norton Antivirus 2003
> Pro has identified at least one of these bulletins as
> being infected. Does anyone know of viruses arriving
> disguised as a security bulletin?
>
> Thanks.
>
>


Top

Re: Virus disguised as MS Security bulletin or are we just paranoid? by Bill

Bill
Thu Sep 18 12:53:04 CDT 2003

Your boss is correct.

Microsoft does have a security update notification list.
It requires subscribing.

It DOES NOT send patches by email. Ever.

If the message has an attachment, consider it to be a virus, regardless of
whether your a/v spots it.

Microsoft has, on two recent occasions, sent email to customers alerting
them to two specific patches: MS 03-026 and MS 03-039. These emails are
HTML formatted and contain links to legitimate microsoft.com urls to obtain
the patches. They don't contain attachments.

What you are seeing is a virus replicating--an infected machine with your
boss' email address in it is sending the infection on.

Just delete them.


"Connie Sleger" <csleger@vsvh.org> wrote in message
news:006701c37df8$dcdcdfd0$a301280a@phx.gbl...
> My boss gets what looks like security bulletins from MS
> regarding patches, but she doesn't think she ever signed
> up for the service.
> 1. Is there a way we can check to see if we're on the
> mailing list?
>
> 2. The reason it's critical is that Norton Antivirus 2003
> Pro has identified at least one of these bulletins as
> being infected. Does anyone know of viruses arriving
> disguised as a security bulletin?
>
> Thanks.
>
>


Top

Re: Virus disguised as MS Security bulletin or are we just paranoid? by John

John
Thu Sep 18 15:37:39 CDT 2003

"Connie Sleger" <csleger@vsvh.org> wrote in message
news:006701c37df8$dcdcdfd0$a301280a@phx.gbl...
> My boss gets what looks like security bulletins from MS
> regarding patches, but she doesn't think she ever signed
> up for the service.
> 1. Is there a way we can check to see if we're on the
> mailing list?
>
> 2. The reason it's critical is that Norton Antivirus 2003
> Pro has identified at least one of these bulletins as
> being infected. Does anyone know of viruses arriving
> disguised as a security bulletin?
>
> Thanks.
>
Had you bothered to, you could have looked at the message "** READ THIS
BEFORE POSTING..." which appears adjacent to yours and which appears every
bloody day and known the answer.
--
John McGaw
[Knoxville, TN, USA]

Return address will not work. Please
reply in group or through my website:
http://johnmcgaw.com

Top

Virus disguised as MS Security bulletin or are we just paranoid? by Kathy

Kathy
Thu Sep 18 18:04:28 CDT 2003

Hi,

I wanted to let you know that Microsoft does NOT will
email unsolicited security patches. Any mail you receive
that contains a file saying that it is a patch, or an
emai that says "click here" to receive the patch, etc.
did not come from Microsoft.

Rather, it appears you received the email resulting from
another computer (not yours) being invected by a mass
emailing worm. The two most widely-known are:

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/w3
2.gibe@mm.html

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/w3
2.dumaru@mm.html

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/news/patch_hoax.asp

Any and all legitimate patches and updates are readily
available at http://windowsupdate.microsoft.com/. For
easy access, just start WindowsUpdate on your computer
and it will hook to the official Microsoft site to
provide you with access to patches and updates from
Microsoft.

Kathy Prince
Program Manager
Microsoft Support Lifecycle & Security

This posting is provided "AS IS" with no warranties, and
confers no rights.


>-----Original Message-----
>My boss gets what looks like security bulletins from MS
>regarding patches, but she doesn't think she ever signed
>up for the service.
>1. Is there a way we can check to see if we're on the
>mailing list?
>
>2. The reason it's critical is that Norton Antivirus
2003
>Pro has identified at least one of these bulletins as
>being infected. Does anyone know of viruses arriving
>disguised as a security bulletin?
>
>Thanks.
>
>
>.
>
Top

Re: Virus disguised as MS Security bulletin or are we just paranoid? by Pavan

Pavan
Fri Sep 19 13:05:30 CDT 2003

If you are infected by the w32.swen.@mm worm, follow this link for removal
instructions.

https://www.europe.f-secure.com/v-descs/swen.shtml



For more information Visit:

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html



Information on Bogus Microsoft Security Bulletin E-mails:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp


--
Pavan
This posting is provided "AS IS" with no warranties, and confers no
rights
Please note I cannot respond to e-mailed questions.
Please use these newsgroups to let me know if the suggestions resolved the
issue.


"Kathy [MSFT]" <kathypr@online.microsoft.com> wrote in message
news:10c301c37e39$3646a160$a001280a@phx.gbl...
> Hi,
>
> I wanted to let you know that Microsoft does NOT will
> email unsolicited security patches. Any mail you receive
> that contains a file saying that it is a patch, or an
> emai that says "click here" to receive the patch, etc.
> did not come from Microsoft.
>
> Rather, it appears you received the email resulting from
> another computer (not yours) being invected by a mass
> emailing worm. The two most widely-known are:
>
> W32.Gibe_mm
> http://securityresponse.symantec.com/avcenter/venc/data/w3
> 2.gibe@mm.html
>
> W32.Dumaru_mm
> http://securityresponse.symantec.com/avcenter/venc/data/w3
> 2.dumaru@mm.html
>
> Information on Bogus Microsoft Security Bulletin Emails
> http://www.microsoft.com/technet/treeview/default.asp?
> url=/technet/security/news/patch_hoax.asp
>
> Any and all legitimate patches and updates are readily
> available at http://windowsupdate.microsoft.com/. For
> easy access, just start WindowsUpdate on your computer
> and it will hook to the official Microsoft site to
> provide you with access to patches and updates from
> Microsoft.
>
> Kathy Prince
> Program Manager
> Microsoft Support Lifecycle & Security
>
> This posting is provided "AS IS" with no warranties, and
> confers no rights.
>
>
> >-----Original Message-----
> >My boss gets what looks like security bulletins from MS
> >regarding patches, but she doesn't think she ever signed
> >up for the service.
> >1. Is there a way we can check to see if we're on the
> >mailing list?
> >
> >2. The reason it's critical is that Norton Antivirus
> 2003
> >Pro has identified at least one of these bulletins as
> >being infected. Does anyone know of viruses arriving
> >disguised as a security bulletin?
> >
> >Thanks.
> >
> >
> >.
> >


Top