September 2003, Cumulative Security Patch Virus

[Michael Nezi]

Is anyone else receiving emails every hour from what
looks like Microsoft telling me to use the attached file
to update my security? They are calling it the 'September
2003, Cumulative Patch'. I have downloaded the Norton
definitions for this and it stops the attachment from
loading but I don't know how to stop the emails from
coming in every hour. This has been happening since
Thursday, Septemer 18, 2003.

Any advice would be helpful.

Thanks
Michael Nezi

 

[Roger Abell]

The internet has been flooded with them since mid-day Friday.
These are malicious attempts to get people to infect and destroy
their machines.
Delete any such email with and attachment the appears to
come from Microsoft. If you ever do get an unexpected email
from Microsoft it will not have an attachment, but may have a
link to a URL on their website. If you follow such a link, make
sure it is going to go to Microsoft website before you click it.

 

[Bruce Chambers]

Greetings --

What you received is either a very common malicious hoax or the
output of a computer infected by one of several wide-spread, mass
emailing worms. The most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Microsoft never has, does not currently, and never will email
unsolicited security patches. At the most, if, and only if, you
subscribe to their security notification newsletter, they will send
you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.

There's probably no way of blocking all of the bogus messages, but
you can greatly reduce the number you get by creating a rule, based
upon the most commonly used subject lines, to delete the emails from
the server without ever downloading them.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[john]

yes i keep getting these too , but have not opened or
saved the attatchments. just deleted the mail. when i
went on the ms security update site , there was no
mention of such an update, and as far as i can tell,my
system security is up to date!i do not trust the e-mail ,
as i have never received a security update in such a way
before.my system is set to update automatically, when new
ones are available. does anyone out there know if it is
genuine , or are we being conned ?

 

[Roger Abell]

yes i keep getting these too , but have not opened or
saved the attatchments. just deleted the mail. when i
went on the ms security update site , there was no
mention of such an update, and as far as i can tell,my
system security is up to date!i do not trust the e-mail ,
as i have never received a security update in such a way
before.my system is set to update automatically, when new
ones are available. does anyone out there know if it is
genuine , or are we being conned ?

pure malicious hoax/con/malware/disease/. . .

--
Roger Abell
Microsoft MVP (Windows, Security)
MCSE (W2k3,W2k,Nt4) MCDBA