[Dshield] Microsoft Patch and More

Al Reust areust at comcast.net
Sat Sep 20 06:11:06 GMT 2003


Hello All

I know this is tiresome, But has anyone submitted the "virus/trojan/worm" 
to whichever antivirus company? We Know that a new version of the RPC bug 
is due to hit, but not the Full Mechanism of Delivery. It was stated that 
China had "selected" web pages starting the delivery. But no real Details.

One of the "Social Cracks," is to get "Stupid Users" to click on something 
and start it. We also Know that "they" have about 200+ email addresses in 
their address book. Or can you say "Sobig.x"

I have seen several emails about this and while protecting "Your Private 
Information" is important. What I have not seen is the Email Header 
Information. From a System Administrator point of view that is very 
important, that provides information so that the exact message can be 
tracked. It also tells other viewers of this list information about the 
"Source." It can be very boring to the uninformed, or useful to those that 
are trying to trace something.

If you do not know how to find that information, then it would be wise to 
learn how to extract it (headers), from whatever mail program that you use. 
 From some of the responses, I suspect that there is a lack of knowledge. I 
do not see anyone asking how to do that.

So if this list is to be "Information" or a "Forum for Learning," 
information should be shared "discreetly." That is what makes the Community 
Go and Grow, the sharing of Information. So sharing of Information is a 
Good thing.

The only "Stupid Question" in the world is the one that you carry away with 
you, when you had the person in front of you to ask. When asked (and you 
don't know), a correct response is "I don't know, but I will find out" and 
that is shortly followed by research. Yes I have been in computers for over 
30 years, and at times there are things that I find that I don't know. I do 
know, I go find the answers.

If you are just starting out and ask a question, then the amount of 
information that you give while asking that question will directly result 
in the "answer" you get. The quality of the information you give will 
result in the "Quality" of the information that you receive in return.

I even took time to look briefly at "mrcorp's" Presentation on Hoaxes etc. 
while I did not get to complete it. It was nicely done, It was a step in 
educating "staff and users." Applause. From a part of this particular 
discussion, many need to go look!

<Quote>

For those interested, I put together a short presentation for my staff 
about hoaxes and cover
these types of threats.  Feel free to take and edit for your own company 
and educate your users!

The presentation can be found at: 
http://www.infosecwriters.com/texts.php?op=display&id=79

<End quote>

If You feel offended by this, then please reply to me off the list. I will 
be happy to explain in detail.

R/

Al


At 09:02 PM 9/19/2003 -0400, you wrote:
>Microsoft doesn't email patches.  It is an infection attempt.  I.e., you 
>are under attack.  I got 173 such emails today.  From patch at ms.com, 
>xyof9s at icroft.com.net2, security at update.microsoft.net, 
>urgentupdatefrommsn at besafe.ms.com, etc., etc.  None of them real.  Kind of 
>dumb in my opinion.  The slowest of users has got to figure something is 
>wrong when more than 100 emails asking him to click on the attachment show 
>up in his mailbox on the same day.  :)
>
>
>Subject: [Dshield] Microsoft Patch
>From: "Guy Barnum" <GuyBarnum at Armscole.com>
>Date: Thu, 18 Sep 2003 13:50:26 -0400
>To: <list at dshield.org>
>
>Did anyone else recieve an email from microsoft with an attached exe 
>containing the latest security patch?
>
>With the ease that email headers can be faked I'm surprised M$ would send 
>out an attachment like this via email.  Imagine how easy it would be to 
>send out a fake email with malware attached!
>
>Has anyone tried to fake emails from M$ in the past?
>
>Guy
>
>
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list