[s. sengupta]

an email seems to be spreading claiming to be from MS announcing the March IE cummulative patch (which does not exist till now)


From: Microsoft Corporation Internet Technical Services
To: MS Customer Sent: Tuesday, March 18, 2003 9:22 PM
Subject: New Security Patch

MS Customer

this is the latest version of security update, the "March 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches.

It has attached a file which Norton removed:
Norton AntiVirus removed the attachment: q293784.exe.
The attachment was infected with the W32.Gibe.B@mm virus.
So you're warned!

Source:-winxp.bink.nu

[BrokenArrow]

Just got it this morning...and deleted it. I have never gotten a patch thru email and feared it was a virus...glad I did now.

[Mac33]

Glad you saw this BrokenArrow. I had posted in your other thread and remembered we had highlighted it in here and i was just ready to send you the link.

[SCgone]

When I get someting like this, I look at the header trying to determine where it originated and then I contact their ISP's abuse department.

[Mac33]

Good one Bob, that's what we should all do.

[SCgone]

It's not always easy to determine where the original sender is, but the following page is an excellent source for learnig how to find and read full mail headers. It also has instructions for most major email programs.

Mail Headers

[Mac33]

Thanks for the heads up Bob
Greatly appreciated.

[BrokenArrow]

Thanks Bell...never knew much about reading mail headers. I did see that the supposed Microsoft patch came from aldelphia.net instead of microsoft.com which was kinda suspicious to me, and so I deleted it. I'll have to use this page for awhile until I can read these headers. Thanks again!

[SCgone]

Hey BrokenArrow, I just wanted to let you know that it does do some good to read those headers and report them. Here's what I sent and got back from Yahoo.uk today....
................................................

Hi,

Thanks for your email.

Thank you for reporting this to Yahoo! It is prohibited to send
unsolicited or 'spam' email from a Yahoo! Mail account as agreed by new
users when accepting the Yahoo! Terms of Mail Service Agreement.

In this particular case, we have identified the account used to send
this email and have taken the appropriate action to prevent it from
being used again to send spam mail.

In the future, if you receive an unwanted email message that appears to
originate from a Yahoo! Mail account, please forward the message with
full headers directly to us at uk-abuse@yahoo-inc.com.

Thank you for working with us to keep Yahoo! a friendly email environment.

Regards,

Customer Care - Yahoo! UK & Ireland


Original Message Follows:
-------------------------

YI6RED

Hello. The spammer below is either using your resources to send out bulk unsolicited commercial e-mail or is deceptively trying to make it look like he is. In either case, a legitimate company like yours probably would not approve. The information below should be all you need.

--begin full headers--
Return-Path: <oscarcereal992003@yahoo.co.uk>
Received: from [xxx.xxx.xxx.xx] (HELO heloimore862.com)
by dc-mx13.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9)
with SMTP id 71194600; Mon, 31 Mar 2003 02:00:52 -0500
From: "oscar" <oscarcereal992003@yahoo.co.uk>
Reply-To: mondula_1414@rediffmail.com
To: rlsg@charter.net
Date: Mon, 31 Mar 2003 19:59:34 -0800
Subject: Urgent Reply
X-Mailer: Microsoft Outlook Express 5.50.4522.1500
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <auto-000071194600@dc-mx13.cluster1.charter.net>