Received MS Critical Upgrade....genuine? or phishing?

[Adela]

Please forgive my taking so much space here, but I hope someone could tell
me how to find out if the following is a GENUINE Microsoft msg, or a
phishing? Also, if this isn't the proper newsgroup, please let me know to
which I should send this post. I clicked on "contact" and there wasn't any
contact there.
Thanks so very much!: Adela

I received the following email, supposedly from Microsoft, on Dec. 15, 2007
at 6:19am but I'm afraid to act on it for fear it's a phishing:

FROM: Microsoft Network Security Center
TO: Commercial Client
SUBJECT: Network Critical Upgrade

Microsoft Client

this is the latest version of security update, the "December 2007,
Cumulative Patch" update which resolves all known security vulnerabilities
affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install
now to protect your computer from these vulnerabilities, the most serious of
which could allow an malicious user to run code on your computer. This
update includes the functionality of all previously released patches.

Then it lists on a table:

Requirements:
This update applies to:
Recommendations:
How to install:
How to use:

Microsoft Product Support Services and Knowledge Base articles can be
found on the Microsoft Technical Support web site. For security-related
information about Microsoft products, please visit the Microsoft Security
Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are
the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2007 Microsoft Corporation. All rights reserved. Terms of Use |
Privacy Statement | Accessibility

 

[Sam Crawford]

I've never received an email from Microsoft asking me to install an upgrade.
I would ignore it.

Instead, go to update.microsoft.com and check for updates.

Never trust an email.

 

[Elmo]

Please forgive my taking so much space here, but I hope someone could tell
me how to find out if the following is a GENUINE Microsoft msg, or a
phishing? Also, if this isn't the proper newsgroup, please let me know to
which I should send this post. I clicked on "contact" and there wasn't any
contact there.
Thanks so very much!: Adela

I received the following email, supposedly from Microsoft, on Dec. 15, 2007
at 6:19am but I'm afraid to act on it for fear it's a phishing:

MS doesn't send updates that way; it must be bogus.

 

[Uncle Grumpy]

Please forgive my taking so much space here, but I hope someone could tell
me how to find out if the following is a GENUINE Microsoft msg, or a
phishing?

Phishing.

You will NEVER get an email from MS about updates unless you subscribe
to their monthly security letter that lists all the monthly updates.

 

[Lanwench [MVP - Exchange]]

Please forgive my taking so much space here, but I hope someone could
tell me how to find out if the following is a GENUINE Microsoft msg,

Not legit.

Don't know whether it's a virus or a phishing attempt, but delete
it/don't click. You're wise to be cautious.

Remember, if you never signed up for email security bulletins, Microsoft has
no way (or reason) to contact you by email, and they sure don't send out
security updates as attachments.

If you want updates, use Microsoft Update (that is to say, "don't call us,
we'll call you." )

 

[Bruce Chambers]

Please forgive my taking so much space here, but I hope someone could tell
me how to find out if the following is a GENUINE Microsoft msg, or a
phishing? Also, if this isn't the proper newsgroup, please let me know to
which I should send this post. I clicked on "contact" and there wasn't any
contact there.
Thanks so very much!: Adela

I received the following email, supposedly from Microsoft, on Dec. 15, 2007
at 6:19am but I'm afraid to act on it for fear it's a phishing:

FROM: Microsoft Network Security Center
TO: Commercial Client
SUBJECT: Network Critical Upgrade

Microsoft Client

Snipped....


What you're receiving is most likely the output of a computer
infected by one of several widely publicized, wide-spread, mass emailing
worms, or a newer derivative. The virus' authors have deliberately
spoofed the Microsoft information in the hopes of garnering more
victims. This sort of email has been very common for past few years.
Some of the most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Trojan.Xombe
http://www.symantec.com/avcenter/venc/data/trojan.xombe.html

Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if -- and only if
-- you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Remember, any and all legitimate patches and updates are readily
available at http://windowsupdate.microsoft.com/, and no where else. You
should develop the habit of checking this site at least once a month to
keep your computer up-to-date. (Notice that this is the true URL,
rather than the bogus one that may have been contained in the email you
received.) Any messages that point to any other source(s) or claim to
have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of a
mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps. You can also ask your ISP to take steps to preclude their mail
server from passing on such emails. Many ISPs have such filtering
capabilities.


--

Bruce Chambers

Help us help you:


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot

 

[Adela]

Thanks so very much to Sam, Elmo, Uncle, Larwench and Bruce for your advice!
Is there a way I can check to see whether I'm subscribed? I don't remember;
however, I will certainly delete this in the meantime and thanks again for
opening my eyes! ) Adela

 

[Bruce Chambers]

Thanks so very much to Sam, Elmo, Uncle, Larwench and Bruce for your advice!
Is there a way I can check to see whether I'm subscribed? I don't remember;
however, I will certainly delete this in the meantime and thanks again for
opening my eyes! ) Adela

You can check the status of any such subscriptions here:

https://profile.microsoft.com/RegSysProfileCenter/SubCntDefault.aspx?lcid=1033


--

Bruce Chambers

Help us help you:


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot

 

[Donald L McDaniel]

Phishing.

You will NEVER get an email from MS about updates unless you subscribe
to their monthly security letter that lists all the monthly updates.

And even then, they will NOT attach such updates to that e-mail. They will give
you a link to the download on Microsoft's website.

Microsoft NEVER includes the actual updates in e-mail. Never has, and like
Bruce says, probably never will.


ANY e-mail claiming to be from Microsoft (no matter HOW legitimate it looks)
which includes attachments is obviously not from Microsoft, and therefore, must
be phishing attempts.

What to do if you receive such an email:

UNDER ANY CIRCUMSTANCES, do NOT open such an email. And even if it is just
displayed in your Preview window:
1) Delete it immediately.
2) Empty your Delete folder.
3) Do a full AV scan using your most powerful AV package.
4) Reboot

 

[Donald L McDaniel]

I've never received an email from Microsoft asking me to install an upgrade.
I would ignore it.

BTW, such a security update for December has not been released, as far as I
know.

I would do much more, including immediately deleting the mail. Above all, I
would NEVER actually OPEN such an email. Even allowing it to display in the
Preview window is dangerous.

 

[db ´¯`·.. >]

you should post the
headers of that msg
on this thread.



--

<)))º>·´¯`·.¸. , . .·´¯`·.. ><)))º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><)))º>

..

 

[Jupiter Jones [MVP]]

There are a few exceptions to that.
Like most absolutes, Never, Always etc, there are exceptions.
But when there is such an exception, the receiver will know exactly
what is expected and who it is from.

If there is any doubt at all, delete it.
Or contact the individual you know from previous communications to
expect the file.
If that information is unknown, delete it.

In the case of the OP, this is an old and obvious fake.

 

[Adela]

Thanks again, Bruce! I went to see the link and it seemes that I did put a
check to receive information. Since I get automatic updates, etc. I just
removed the check so now I'll know for sure those emails are phishers! )
Adela

 

[Adela]

Hi Jupiter and thanks. You are right though...certain corporations, like
Microsoft, are mighty difficult to contact with a quick phone or email
question... ) As you say, when in doubt it's much better to delete
which is what I did after sending it to some anti-fraud organizations.
What's "OP"? Thanks again. Adela

 

[Adela]

Hi again Lanwench, actually it didn't come with any attachment. And while
on the subject...do you or others on this list know why about 99.9% of my
incoming messages in OE come with the little icon of a paper clip, meaning
attachment, yet no attachments are with the emails nor from the text, I can
tell no attachment has been sent? Thanks. Adela

"Lanwench [MVP - Exchange]"

 

[Adela]

Hi db and thanks. Are the headers what you see by clicking on the email and
then on "properties"? Then here they are:

Return-Path: <[email protected]>
Received: from mr06.lnh.mail.rcn.net (EHLO mr06.lnh.mail.rcn.net)
([207.172.157.26])
by ms16.lnh.mail.rcn.net (MOS 3.8.5-GA FastPath queued)
with ESMTP id AQT61407;
Sat, 15 Dec 2007 06:19:17 -0500 (EST)
Received: from mx04.lnh.mail.rcn.net (mx04.lnh.mail.rcn.net
[207.172.157.54])
by mr06.lnh.mail.rcn.net (MOS 3.8.5-GA)
with ESMTP id HNR97028;
Sat, 15 Dec 2007 06:19:16 -0500 (EST)
Received: from viola.ocn.ne.jp (HELO smtp.viola.ocn.ne.jp) ([122.1.235.101])
by mx04.lnh.mail.rcn.net with ESMTP; 15 Dec 2007 06:19:10 -0500
Received: from ltiwfl (p1078-dng08motoma.hiroshima.ocn.ne.jp
[61.112.137.79])
by smtp.viola.ocn.ne.jp (Postfix) with SMTP
id CB6A22B6D; Sat, 15 Dec 2007 20:17:25 +0900 (JST)
From: "Microsoft Network Security Center" <>
To: "Commercial Client" <[email protected]>
SUBJECT: Network Critical Upgrade
Message-Id: <[email protected]>
Date: Sat, 15 Dec 2007 20:17:25 +0900 (JST)
X-Junkmail-Status: score=10/50, host=mr06.lnh.mail.rcn.net
X-Junkmail-SD-Raw: score=unknown,
refid=str=0001.0A010207.4763B716.00B4,ss=1,vtr=str,vl=3,fgs=16,
ip=122.1.235.101,
so=2007-07-31 18:51:00,
dmn=5.4.3/2007-11-16
X-Antivirus: AVG for E-mail 7.5.503 [269.17.2/1184]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=uchuyxbxzjv

Ohhhhh, my goodness! It came from Japan? Although MS is all over the
world. ) This is the only thing I could decipher! I'd be very much
interested in knowing what you discovered, for which, thank you!
Adela

 

[Adela]

Hello again Bruce, just want to thank you for the useful links you sent me,
especially this one: . I
read it with interest and will try to remember as much as possible. I'm
sure no one wishes to be unfair to the wonderful work hackers do in helping
so many people so well.

Loved your quotations at the end, but especially so this one:

The philosopher has never killed any priests, whereas the priest has killed
a great many philosophers.
~ Denis Diderot

Thanks again. Adela

 

[Jupiter Jones [MVP]]

Adela;
Your welcome
OP = Original Poster.
In other words the person who started the thread, in this case you.

 

[Lanwench [MVP - Exchange]]

Hi again Lanwench, actually it didn't come with any attachment. And
while on the subject...do you or others on this list know why about
99.9% of my incoming messages in OE come with the little icon of a
paper clip, meaning attachment, yet no attachments are with the
emails nor from the text, I can tell no attachment has been sent? Thanks.
Adela

Dunno - HTML format, signature, whatnot?
You'd need to post in an OE group or look at www.insideoe.com for more
expert info, though.

"Lanwench [MVP - Exchange]"

Not legit.

Don't know whether it's a virus or a phishing attempt, but delete
it/don't click. You're wise to be cautious.

Remember, if you never signed up for email security bulletins,
Microsoft has no way (or reason) to contact you by email, and they
sure don't send out security updates as attachments.

If you want updates, use Microsoft Update (that is to say, "don't
call us, we'll call you." )

 

[db ´¯`·.. >]

you're welcome.

the information you
provided is valuable.



--

<)))º>·´¯`·.¸. , . .·´¯`·.. ><)))º>`·.¸¸.·´¯`·.¸.·´¯`·...¸><)))º>

..

Hi db and thanks. Are the headers what you see by clicking on the email and
then on "properties"? Then here they are:

Return-Path: <[email protected]>
Received: from mr06.lnh.mail.rcn.net (EHLO mr06.lnh.mail.rcn.net)
([207.172.157.26])
by ms16.lnh.mail.rcn.net (MOS 3.8.5-GA FastPath queued)
with ESMTP id AQT61407;
Sat, 15 Dec 2007 06:19:17 -0500 (EST)
Received: from mx04.lnh.mail.rcn.net (mx04.lnh.mail.rcn.net [207.172.157.54])
by mr06.lnh.mail.rcn.net (MOS 3.8.5-GA)
with ESMTP id HNR97028;
Sat, 15 Dec 2007 06:19:16 -0500 (EST)
Received: from viola.ocn.ne.jp (HELO smtp.viola.ocn.ne.jp) ([122.1.235.101])
by mx04.lnh.mail.rcn.net with ESMTP; 15 Dec 2007 06:19:10 -0500
Received: from ltiwfl (p1078-dng08motoma.hiroshima.ocn.ne.jp [61.112.137.79])
by smtp.viola.ocn.ne.jp (Postfix) with SMTP
id CB6A22B6D; Sat, 15 Dec 2007 20:17:25 +0900 (JST)
From: "Microsoft Network Security Center" <>
To: "Commercial Client" <[email protected]>
SUBJECT: Network Critical Upgrade
Message-Id: <[email protected]>
Date: Sat, 15 Dec 2007 20:17:25 +0900 (JST)
X-Junkmail-Status: score=10/50, host=mr06.lnh.mail.rcn.net
X-Junkmail-SD-Raw: score=unknown,
refid=str=0001.0A010207.4763B716.00B4,ss=1,vtr=str,vl=3,fgs=16,
ip=122.1.235.101,
so=2007-07-31 18:51:00,
dmn=5.4.3/2007-11-16
X-Antivirus: AVG for E-mail 7.5.503 [269.17.2/1184]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=uchuyxbxzjv

Ohhhhh, my goodness! It came from Japan? Although MS is all over the world.
) This is the only thing I could decipher! I'd be very much interested in
knowing what you discovered, for which, thank you! Adela

you should post the
headers of that msg
on this thread.



--




.