Are MS interested in spoof emails?


JustMe

I received an email today purporting to be from 'Microsoft Network
Security Division' which contained the virus W32.SvenA@mm'- this was
cleaned by my AV program, thankfully.

Are MS interested in these, and if so, where do I send the headers to?

Thanks.
Nina
 

Jim Macklin

They are well known. Unless you ask MS to send you email by
subscribing to a newsletter or ordering something, MS will
not send you any email. Also, Microsoft NEVER sends
attachments. See any anti-virus site (McAfee.com and
www.sarc.com or many others).

Like most viruses, they spread from other infected
computers; you should just delete any such email that you
did not request and expect. If you get any email that
appears to be spam or fits the profile of a virus, and you
don't want to be infected, delete it. If you must "know",
set your email to read as "text only" and check the headers
and message source. NEVER open an attachment; remember, an
infected computer will use the address book to send you
infected email, thus it will appear to be from a "friend" or
it may be using a spoofed address such as the phony
Microsoft email.

Get information on security resources and guidance from
across Microsoft.com.
. Security Basics: Fight Spyware
. How to Spot Fake Microsoft Security-Related E-mail
. Learn the Basics of Backing Up

http://www.microsoft.com/security/incident/authenticate_mail.mspx

http://www.microsoft.com/security/default.mspx


--
The people think the Constitution protects their rights;
But government sees it as an obstacle to be overcome.



| I received an email today purporting to be from 'Microsoft Network
| Security Division' which contained the virus W32.SvenA@mm'- this was
| cleaned by my AV program, thankfully.
|
| Are MS interested in these, and if so, where do I send the headers to?
|
| Thanks.
| Nina
 

Gerry Cornell

Nina

False emails from Microsoft are commonplace. They arrive in my trash
folder every day. FWIW I have never seen anyone ever suggest reporting
their receipt to Microsoft. If you start reporting abuse you will never
have time to do the better things life offers. Just keep your system
defences well maintained so as to prevent your own computer being used
to spew out more Microsoft false emails.


--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 

Don Taylor

JustMe said:
I received an email today purporting to be from 'Microsoft Network
Security Division' which contained the virus W32.SvenA@mm'- this was
cleaned by my AV program, thankfully.
Are MS interested in these, and if so, where do I send the headers to?
Thanks.
Nina

Microsoft has no hope of doing anything with these. For Swen virus
the virus forges the From: line but the rest of the headers are valid.

You can either
learn how to read headers and how to find the abuse address for
the source domain and send them a polite request that they track
down their infected customer and sterilize them, and send them
the headers as evidence. This isn't too hard to learn to do.
or
just delete them and let someone else try to get them to clean up
or
in the past I have agreed, after making sure that both sides
understand the ground rules about what will be sent and how,
to accept copies of these Swen virus emails and report them.

Over 18 months ago, soon after Swen attacked the net I built a
collection of tools that almost automatically handle the reporting
of Swen virus mail.

As of a few minutes ago I've received and reported a total of 55938
Swen virus mail from 2856 different domains.

I have a reasonable success rate of getting admins to sterilize this.

So, please don't just start blasting Swen at me, the tools might
make a mistake and think you were the source and start sending
reports to your admin asking them to sterilize you.

But if a reasonable number of people would like to confirm this
with me first and we both understand the ground rules and format
of the mail then I have no problem dropping your Swen virus into
the cannon, along with my own, and trying to help clean up the net.
I'm doing that for a few other people at present. I can't promise
this will fix the problem but there is a chance of success.

I have not yet automated Beagle virus reporting or other virus
reporting but there was some discussion with an ISP that I might
start doing that.

Email address is valid, I've been on the net almost 25 years and
I get a lot of spam, so make sure you choose a subject line
that I wouldn't misunderstand when you send me mail.

thanks
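
The header-reading step described in the post above, as an added example that is not part of the thread and is not Don Taylor's tooling: it walks the `Received:` chain from the newest hop down and returns the first host that a server you trust accepted the message from, which is the address to look up in WHOIS for an abuse contact. The sample message, host names, addresses and the `TRUSTED` table are constructed, and the example also covers the more general case where the sender has planted a fake `Received:` line below the genuine ones.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: example domains and documentation IP ranges only.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
 by mailstore.recipient.example with ESMTP; Sat, 1 Jan 2005 10:00:02 +0000
Received: from kdfjq (dsl-203-0-113-77.isp.example [203.0.113.77])
 by mx.recipient.example with SMTP; Sat, 1 Jan 2005 10:00:01 +0000
Received: from microsoft.example ([198.51.100.5]) by relay.invalid; Sat, 1 Jan 2005 09:00:00 +0000
From: "Microsoft Network Security Division" <security@microsoft.example>
To: nina@recipient.example
Subject: constructed test message

(body omitted)
"""

# Assumption: the recipient knows which mail servers belong to their own provider.
TRUSTED = {"mailstore.recipient.example": "192.0.2.20",
           "mx.recipient.example": "192.0.2.10"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def find_injection_hop(raw, trusted):
    """Return the first hop where a trusted server accepted mail from outside."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    # Received headers are prepended, so the newest hop comes first.
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        # Stop at the first header not written by a server we trust:
        # everything from here down could have been supplied by the sender.
        if not m or m.group("by").lower() not in trusted:
            return None
        if m.group("ip") not in trusted.values():
            return {"ip": m.group("ip"), "rdns": m.group("rdns"),
                    "helo": m.group("helo"), "claimed_from": claimed}
    return None

if __name__ == "__main__":
    print(find_injection_hop(SAMPLE, TRUSTED))
```
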
 

Ken Blake

JustMe said:
I received an email today purporting to be from 'Microsoft Network
Security Division' which contained the virus W32.SvenA@mm'- this was
cleaned by my AV program, thankfully.

Are MS interested in these, and if so, where do I send the headers to?


No, it's not necessary to send anything to Microsoft. They are
well aware of these messages. Unfortunately they are very common.

Just so you, and anyone else reading this, know, Microsoft never
sends out updates by E-mail attachment. You can be very close to
sure that anything you receive this way contains a virus.
 

Bruce Chambers

JustMe said:
I received an email today purporting to be from 'Microsoft Network
Security Division' which contained the virus W32.SvenA@mm'- this was
cleaned by my AV program, thankfully.

Are MS interested in these, and if so, where do I send the headers to?

Thanks.
Nina


What you're receiving is the output of a computer infected by one of
several widely publicized, wide-spread, mass emailing worms. The virus'
authors have deliberately spoofed the Microsoft information in the hopes
of garnering more victims. This sort of email has been very common for
the past two years, or more. The most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Trojan.Xombe
http://www.symantec.com/avcenter/venc/data/trojan.xombe.html

Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if, and only if,
you subscribe to their security notification newsletter, they will send
you an email informing you that a new patch is available for downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Remember, any and all legitimate patches and updates are readily
available at http://windowsupdate.microsoft.com/. You should develop
the habit of checking this site at least once a month to keep your
computer up-to-date. (Notice that this is the true URL, rather than the
bogus one that may have been contained in the email you received.) Any
messages that point to any other source(s) or claim to have the patch
attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of a
mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps. You can also ask your ISP to take steps to preclude their mail
server from passing on such emails. Many ISPs have such filtering
capabilities.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
