Greetings --
It's been well known for years now that posting/publishing a real
email address to _any_ newsgroup, as you have done, or web site is an
open initiation to be spammed. For years now, spammers have been
using automated tools to harvest email addresses from the Internet and
Usenet. What I don't understand is why you're just now noticing the
phenomenon. Was this the first time you _ever_ posted to Usenet?
What you received is the output of a computer infected by one of
several widely publicized, wide-spread, mass emailing worms. The
virus' authors have deliberately spoofed the Microsoft information in
the hopes of garnering more victims. This sort of email has been very
common for at least the past 10 months. The most widely-known are:
W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
Trojan.Xombe
http://www.symantec.com/avcenter/venc/data/trojan.xombe.html
Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if, and only
if, you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.
Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp
Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp
How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp
Remember, any and all legitimate patches and updates are readily
available at
http://windowsupdate.microsoft.com/. You should develop
the habit of checking this site at least once a month to keep your
computer up-to-date. (Notice that this is the true URL, rather than
the bogus one that may have been contained in the email you received.)
Any messages that point to any other source(s) or claim to have the
patch attached are bogus.
You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps. You can also ask your ISP to take steps to preclude their mail
server from passing on such emails. Many ISPs have such filtering
capabilities.
Bruce Chambers
--
Help us help you:
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
My Yahoo bulk mailbox now receives as many as 6 emails a day with a
phony "Microsoft" return address (microsoft.news or news.msn.net or
whatever) and with a heading about an update or security patch. Each
email is an authentic printout from the Microsoft web site, and each
contains an attachment that Yahoo's virus scan shows as, for example,
"virus w2Swen.a.mm.
I honestly have no idea why anyone would take the time or energy to
create and send out this stuff and I understand that Microsoft is not
responsible.
Still, because it looks so authentic even though Microsoft has stated
that they never send out attachments, perhaps they could make a
sustained effort to find the source or sources or this spam and shut
them down for good.
p
