[Dshield] Microsoft Patch and More
areust at comcast.net
Sat Sep 20 06:11:06 GMT 2003
I know this is tiresome, But has anyone submitted the "virus/trojan/worm"
to whichever antivirus company? We Know that a new version of the RPC bug
is due to hit, but not the Full Mechanism of Delivery. It was stated that
China had "selected" web pages starting the delivery. But no real Details.
One of the "Social Cracks," is to get "Stupid Users" to click on something
and start it. We also Know that "they" have about 200+ email addresses in
their address book. Or can you say "Sobig.x"
I have seen several emails about this and while protecting "Your Private
Information" is important. What I have not seen is the Email Header
Information. From a System Administrator point of view that is very
important, that provides information so that the exact message can be
tracked. It also tells other viewers of this list information about the
"Source." It can be very boring to the uninformed, or useful to those that
are trying to trace something.
If you do not know how to find that information, then it would be wise to
learn how to extract it (headers), from whatever mail program that you use.
From some of the responses, I suspect that there is a lack of knowledge. I
do not see anyone asking how to do that.
So if this list is to be "Information" or a "Forum for Learning,"
information should be shared "discreetly." That is what makes the Community
Go and Grow, the sharing of Information. So sharing of Information is a
The only "Stupid Question" in the world is the one that you carry away with
you, when you had the person in front of you to ask. When asked (and you
don't know), a correct response is "I don't know, but I will find out" and
that is shortly followed by research. Yes I have been in computers for over
30 years, and at times there are things that I find that I don't know. I do
know, I go find the answers.
If you are just starting out and ask a question, then the amount of
information that you give while asking that question will directly result
in the "answer" you get. The quality of the information you give will
result in the "Quality" of the information that you receive in return.
I even took time to look briefly at "mrcorp's" Presentation on Hoaxes etc.
while I did not get to complete it. It was nicely done, It was a step in
educating "staff and users." Applause. From a part of this particular
discussion, many need to go look!
For those interested, I put together a short presentation for my staff
about hoaxes and cover
these types of threats. Feel free to take and edit for your own company
and educate your users!
The presentation can be found at:
If You feel offended by this, then please reply to me off the list. I will
be happy to explain in detail.
At 09:02 PM 9/19/2003 -0400, you wrote:
>Microsoft doesn't email patches. It is an infection attempt. I.e., you
>are under attack. I got 173 such emails today. From patch at ms.com,
>xyof9s at icroft.com.net2, security at update.microsoft.net,
>urgentupdatefrommsn at besafe.ms.com, etc., etc. None of them real. Kind of
>dumb in my opinion. The slowest of users has got to figure something is
>wrong when more than 100 emails asking him to click on the attachment show
>up in his mailbox on the same day. :)
>Subject: [Dshield] Microsoft Patch
>From: "Guy Barnum" <GuyBarnum at Armscole.com>
>Date: Thu, 18 Sep 2003 13:50:26 -0400
>To: <list at dshield.org>
>Did anyone else recieve an email from microsoft with an attached exe
>containing the latest security patch?
>With the ease that email headers can be faked I'm surprised M$ would send
>out an attachment like this via email. Imagine how easy it would be to
>send out a fake email with malware attached!
>Has anyone tried to fake emails from M$ in the past?
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see:
More information about the list