Virus: A bogus “Internet Security Pack” message which claims to include security patches for Microsoft Outlook and Internet Explorer harbors a malevolent worm.
Example: [Collected on the Internet, 2003]
this is the latest version of security update, the “March 2003, Cumulative Patch” update which eliminates all known security vulnerabilities affecting Internet Explorer, Outlook and Outlook Express as well as five newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact us.
Please do not reply to this message. It was sent from an unmonitored
Thank you for using Microsoft products.
With friendly greetings,
Origins: The message quoted above has been spammed to countless Internet users, purporting in its header to offer an “Internet Security Pack” from the “Microsoft Corporation Internet Technical Assistance” to patch security holes in Microsoft’s Outlook and Internet Explorer programs. It includes an attached executable file called
Recipients can tell this is not a real Microsoft-issued security update because:
- It is not mailed from a
- Neither the e-mail nor the attached “patch” is signed using the Microsoft Security Response Center’s PGP key.
- Microsoft does not mail executables attached to their security updates; they send links to security bulletins posted on the Microsoft web site which include instructions on how to download the patches.
|Information on Bogus Microsoft Security Bulletin (Microsoft)|
Last updated: 29 January 2008