TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
Information on Bogus Microsoft Security Bulletin
Microsoft has learned that a malicious user is circulating an e-mail that
purports to be a Microsoft Security Bulletin, and which directs the reader
to download an executable file from a web site. Customers who receive such
an e-mail should delete it, and under no circumstances should they
download the executable. The would-be bulletin claims to be Microsoft
Security Bulletin MS01-037. However, the issue it describes is fictitious.
In addition, it provides a link to a web site whose URL looks like the
Microsoft web site, but in reality is not. The "patch" hosted on the site
is a piece of hostile code <http://www.symantec.com/avcenter/venc/data/w32.leave.b.worm.html> that could enable an attacker to remotely
control another user?s system. There are several dead giveaways that
indicate that the e-mail isn?t a bona fide security bulletin: The e-mail
isn't signed using the Microsoft Security Response Center?s PGP key.
Microsoft always signs its bulletins before mailing them, and you can
verify the signature using the key we publish at http://www.microsoft.com/technet/security/bulletin/notify.asp </technet/security/bulletin/notify.asp>. If you are
ever in doubt about the authenticity of a bulletin mailer you?ve received,
consult the web-hosted bulletins on the Microsoft Security </technet/security/current.asp> web site ? the
versions there are the authority versions. The e-mail contains a link to
a supposed patch. Authentic bulletin mailers never provide a link to the
patch; instead, they refer the reader to the complete version of the
bulletin on our web site, which provides a link to the patch. The "patch"
the bogus bulletin links to isn't digitally signed. Microsoft always
digitally signs the patches it releases. Always be sure you check the
signature of any executable before installing it on your system.
Microsoft is taking aggressive action to protect customers from this
issue. We have contacted the Internet Service Provider where the
counterfeit patch was hosted, and they have removed it. We also are
working with the anti-virus community to ensure that current virus scanner
products will detect the hostile code and remove it. Just the same, this
is not the first time malicious users have issued counterfeit security
bulletins, and it will likely not be the last. Microsoft urges customers
to always verify any mail that claims to be a Microsoft security bulletin.
Purchase RoboHelp X3 in April and receive a $100 mail-in
rebate, plus FREE RoboScreenCapture and WebHelp Merge Module.
Order here: http://www.ehelp.com/techwr-l/
You are currently subscribed to techwr-l as:
archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit http://www.raycomm.com/techwhirl/ for more resources and info.