[ale] OT: Mesg from M$
    Bob Toxen 
    bob at verysecurelinux.com
       
    Sun Mar 23 21:33:18 EST 2003
    
    
  
Chris,
> I got the following text and a executable called update93.exe attached. 
> Is it viral.
Yes.  Microsoft NEVER sends security patches.  It is trivial to spoof
any source email address.  NEVER trust email, attachments ending in
.exe, .com, .sh, etc. unless you validate that the person who owns
the account has sent it and that they know what they are doing.  Note
that I suggest that you validate that the person ... (not just the
computer, which may have been compromised).
> Microsoft Corporation Customer 
> this is the latest version of security update, the
> "March 2003, Cumulative Patch" update which eliminates
> all known security vulnerabilities affecting Internet Explorer,
> Outlook and Outlook Express as well as five newly
> discovered vulnerabilities. Install now to protect your computer
> from these vulnerabilities, the most serious of which could allow
> an attacker to run executable on your system. This update includes
> the functionality of all previously released patches.
Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
    
    
More information about the Ale
mailing list