REMINDER!! Emails "from Microsoft"

People should be aware that Microsoft *never* sends updates or other
code, updates, fixes, etc., via email. If you get an email claiming to
be from Microsoft that has an attachment of any kind (other than the
ATxxxxx.HTM attachment that results from setting your reader to read in
plain-text-only) it is a HOAX! It may or may not contain malicious
payloads. As stated by MS itself in the following:

* Microsoft will never attach software updates to our security
e-mail notifications. Rather, we refer customers to our Web site for
complete information on the software update or security incident. Most
Microsoft software updates are provided through Microsoft Windows
Update, Microsoft Office Update, or the Microsoft Download Center. This
is a common scam for which Microsoft has long standing guidance
available at
http://www.microsoft.com/security/in...cate_mail.mspx.

* In addition, as a best practice users should always exercise
extreme caution when opening unsolicited attachments from both known and
unknown sources.

--
Gary S. Terhune
MS MVP Shell/User

Excellent reminder Gary !

There are several Internet worms that masquerade as patches from Microsoft. The most common
are; Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft are fully aware of this
problem.

All you can do is...

1. Keep your AV package up-to-date
2. Create email "rules" to auto-delete the offending messages
3. Petition your ISP to install AV software on their respective email servers.
4. Install *all* MS Critical Updates via the Windows Update web site.
5. Always munge your email address when posting to UseNet
6. If all else fails, Change your email address.

--
Dave




"Gary S. Terhune" wrote in message
...
| People should be aware that Microsoft *never* sends updates or other
| code, updates, fixes, etc., via email. If you get an email claiming to
| be from Microsoft that has an attachment of any kind (other than the
| ATxxxxx.HTM attachment that results from setting your reader to read in
| plain-text-only) it is a HOAX! It may or may not contain malicious
| payloads. As stated by MS itself in the following:
|
| * Microsoft will never attach software updates to our security
| e-mail notifications. Rather, we refer customers to our Web site for
| complete information on the software update or security incident. Most
| Microsoft software updates are provided through Microsoft Windows
| Update, Microsoft Office Update, or the Microsoft Download Center. This
| is a common scam for which Microsoft has long standing guidance
| available at
| http://www.microsoft.com/security/in...cate_mail.mspx.
|
| * In addition, as a best practice users should always exercise
| extreme caution when opening unsolicited attachments from both known and
| unknown sources.
|
| --
| Gary S. Terhune
| MS MVP Shell/User
|
|

As an added note, if you use Outlook Express 6 as you email client, you
should use the option found on the Read tab in Options to "Read in
Plain-text only". While this will not prevent you from opening an
attachment unadvisedly, it *will* stop potentially harmful payloads
embedded in HTML from executing.

Then you can do as I do and complain to *anybody* who send you HTML
email. Or at least complain if the content isn't as easily readable in
plain text as it is in HTML.

--
Gary S. Terhune
MS MVP Shell/User

"David H. Lipman" wrote in message
...
Excellent reminder Gary !

There are several Internet worms that masquerade as patches from
Microsoft. The most common
are; Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft
are fully aware of this
problem.

All you can do is...

1. Keep your AV package up-to-date
2. Create email "rules" to auto-delete the offending messages
3. Petition your ISP to install AV software on their respective
email servers.
4. Install *all* MS Critical Updates via the Windows Update web
site.
5. Always munge your email address when posting to UseNet
6. If all else fails, Change your email address.

--
Dave




"Gary S. Terhune" wrote in message
...
| People should be aware that Microsoft *never* sends updates or other
| code, updates, fixes, etc., via email. If you get an email claiming
to
| be from Microsoft that has an attachment of any kind (other than the
| ATxxxxx.HTM attachment that results from setting your reader to read
in
| plain-text-only) it is a HOAX! It may or may not contain malicious
| payloads. As stated by MS itself in the following:
|
| * Microsoft will never attach software updates to our
security
| e-mail notifications. Rather, we refer customers to our Web site for
| complete information on the software update or security incident.
Most
| Microsoft software updates are provided through Microsoft Windows
| Update, Microsoft Office Update, or the Microsoft Download Center.
This
| is a common scam for which Microsoft has long standing guidance
| available at
| http://www.microsoft.com/security/in...cate_mail.mspx.
|
| * In addition, as a best practice users should always
exercise
| extreme caution when opening unsolicited attachments from both known
and
| unknown sources.
|
| --
| Gary S. Terhune
| MS MVP Shell/User
|
|

Don't drive Lexuses (Lexi?) either:

http://www.infosecnews.com/news/inde...&newsType=News

paste
Mobile virus infects Lexus cars
by David Quainton

Lexus cars may be vulnerable to viruses that infect them via mobile phones.
Landcruiser 100 models LX470 and LS430 have been discovered with infected
operating systems that transfer within a range of 15 feet.
"If infected mobile devices are scary, just thinking about an infected
onboard
computer..," said Eugene Kaspersky, head of anti-virus research at Russian
firm Kaspersky. "We do know that car manufacturers are integrating existing
operating systems into their onboard computers (take the Fiat and Microsoft
deal, for instance)."

It is understood the virus could affect the navigation system of the Lexus
models, it transfers onto them via a Bluetooth mobile phone connection. It
is
still unclear which operating system the cars in question use.

"At this stage it's still early but it just goes to show that technology has
consequences," said David Emm, senior technology consultant at Kaspersky.
"It's scary stuff."

Vulnerable operating systems are increasingly moving onto a number of
different devices. Last year the Slammer worm infected 13,000 Bank of
America
ATMs as a result of them moving to a Windows-based operating system.

"I've even seen screenshots of major commercial aeroplanes with Windows
2000-based operating systems," said Mikko Hypponen, director of anti-virus
research at Finnish firm F-Secure. "Cars are an obvious target for viruses.
It's okay if you don't use the operating system for the engine and the
brakes,
but when you do..."

Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.

When contacted Lexus declined to comment.
/paste
--
~PAÞ

Gary S. Terhune wrote:
People should be aware that Microsoft *never* sends updates or other
code, updates, fixes, etc., via email. If you get an email claiming to
be from Microsoft that has an attachment of any kind (other than the
ATxxxxx.HTM attachment that results from setting your reader to read in
plain-text-only) it is a HOAX! It may or may not contain malicious
payloads. As stated by MS itself in the following:

* Microsoft will never attach software updates to our security
e-mail notifications. Rather, we refer customers to our Web site for
complete information on the software update or security incident. Most
Microsoft software updates are provided through Microsoft Windows
Update, Microsoft Office Update, or the Microsoft Download Center. This
is a common scam for which Microsoft has long standing guidance
available at
http://www.microsoft.com/security/in...cate_mail.mspx.

* In addition, as a best practice users should always exercise
extreme caution when opening unsolicited attachments from both known and
unknown sources.

Brian Livingston dropped this interesting little tid-bit into my Inbox a
few minutes ago about anti-adware/spyware apps (scroll down a ways for
the actual article.)

http://windowssecrets.com/050127

Very interesting.... (Note the score of Giant, which is what MS bought
for their new Anti-Spyware apps that's not in beta testing.)

--
Gary S. Terhune
MS MVP Shell/User

"PA Bear" wrote in message
...
Don't drive Lexuses (Lexi?) either:


http://www.infosecnews.com/news/inde...&newsType=News

paste
Mobile virus infects Lexus cars
by David Quainton

Lexus cars may be vulnerable to viruses that infect them via mobile
phones.
Landcruiser 100 models LX470 and LS430 have been discovered with
infected
operating systems that transfer within a range of 15 feet.
"If infected mobile devices are scary, just thinking about an infected
onboard
computer..," said Eugene Kaspersky, head of anti-virus research at
Russian
firm Kaspersky. "We do know that car manufacturers are integrating
existing
operating systems into their onboard computers (take the Fiat and
Microsoft
deal, for instance)."

It is understood the virus could affect the navigation system of the
Lexus
models, it transfers onto them via a Bluetooth mobile phone
connection. It
is
still unclear which operating system the cars in question use.

"At this stage it's still early but it just goes to show that
technology has
consequences," said David Emm, senior technology consultant at
Kaspersky.
"It's scary stuff."

Vulnerable operating systems are increasingly moving onto a number of
different devices. Last year the Slammer worm infected 13,000 Bank of
America
ATMs as a result of them moving to a Windows-based operating system.

"I've even seen screenshots of major commercial aeroplanes with
Windows
2000-based operating systems," said Mikko Hypponen, director of
anti-virus
research at Finnish firm F-Secure. "Cars are an obvious target for
viruses.
It's okay if you don't use the operating system for the engine and the
brakes,
but when you do..."

Bill Gates is a known Lexus driver. In 1999 he auctioned one for
charity.

When contacted Lexus declined to comment.
/paste
--
~PAÞ

Gary S. Terhune wrote:
People should be aware that Microsoft *never* sends updates or other
code, updates, fixes, etc., via email. If you get an email claiming
to
be from Microsoft that has an attachment of any kind (other than the
ATxxxxx.HTM attachment that results from setting your reader to read
in
plain-text-only) it is a HOAX! It may or may not contain malicious
payloads. As stated by MS itself in the following:

* Microsoft will never attach software updates to our
security
e-mail notifications. Rather, we refer customers to our Web site for
complete information on the software update or security incident.
Most
Microsoft software updates are provided through Microsoft Windows
Update, Microsoft Office Update, or the Microsoft Download Center.
This
is a common scam for which Microsoft has long standing guidance
available at
http://www.microsoft.com/security/in...cate_mail.mspx.

* In addition, as a best practice users should always
exercise
extreme caution when opening unsolicited attachments from both known
and
unknown sources.

Correction! "...that's NOW in beta testing."

--
Gary S. Terhune
MS MVP Shell/User

"Gary S. Terhune" wrote in message
...
Brian Livingston dropped this interesting little tid-bit into my Inbox
a
few minutes ago about anti-adware/spyware apps (scroll down a ways for
the actual article.)

http://windowssecrets.com/050127

Very interesting.... (Note the score of Giant, which is what MS bought
for their new Anti-Spyware apps that's not in beta testing.)

--
Gary S. Terhune
MS MVP Shell/User

"PA Bear" wrote in message
...
Don't drive Lexuses (Lexi?) either:



http://www.infosecnews.com/news/inde...&newsType=News

paste
Mobile virus infects Lexus cars
by David Quainton

Lexus cars may be vulnerable to viruses that infect them via mobile
phones.
Landcruiser 100 models LX470 and LS430 have been discovered with
infected
operating systems that transfer within a range of 15 feet.
"If infected mobile devices are scary, just thinking about an
infected
onboard
computer..," said Eugene Kaspersky, head of anti-virus research at
Russian
firm Kaspersky. "We do know that car manufacturers are integrating
existing
operating systems into their onboard computers (take the Fiat and
Microsoft
deal, for instance)."

It is understood the virus could affect the navigation system of the
Lexus
models, it transfers onto them via a Bluetooth mobile phone
connection. It
is
still unclear which operating system the cars in question use.

"At this stage it's still early but it just goes to show that
technology has
consequences," said David Emm, senior technology consultant at
Kaspersky.
"It's scary stuff."

Vulnerable operating systems are increasingly moving onto a number
of
different devices. Last year the Slammer worm infected 13,000 Bank
of
America
ATMs as a result of them moving to a Windows-based operating system.

"I've even seen screenshots of major commercial aeroplanes with
Windows
2000-based operating systems," said Mikko Hypponen, director of
anti-virus
research at Finnish firm F-Secure. "Cars are an obvious target for
viruses.
It's okay if you don't use the operating system for the engine and
the
brakes,
but when you do..."

Bill Gates is a known Lexus driver. In 1999 he auctioned one for
charity.

When contacted Lexus declined to comment.
/paste
--
~PAÞ

Gary S. Terhune wrote:
People should be aware that Microsoft *never* sends updates or
other
code, updates, fixes, etc., via email. If you get an email
claiming
to
be from Microsoft that has an attachment of any kind (other than
the
ATxxxxx.HTM attachment that results from setting your reader to
read
in
plain-text-only) it is a HOAX! It may or may not contain malicious
payloads. As stated by MS itself in the following:

* Microsoft will never attach software updates to our
security
e-mail notifications. Rather, we refer customers to our Web site
for
complete information on the software update or security incident.
Most
Microsoft software updates are provided through Microsoft Windows
Update, Microsoft Office Update, or the Microsoft Download Center.
This
is a common scam for which Microsoft has long standing guidance
available at
http://www.microsoft.com/security/in...cate_mail.mspx.

* In addition, as a best practice users should always
exercise
extreme caution when opening unsolicited attachments from both
known
and
unknown sources.

Bluetooth is worthless, imo because it can be easily cracked by hackers.
Walt Mossberg of the Wall Street Journal has reported problems with Bluetooth
technology because hackers could break through it and steal address
information and other personnel information. I for one will not use
Bluetooth technology because of its vulnerabilities.

"PA Bear" wrote in message
...
: Don't drive Lexuses (Lexi?) either:
:
:
http://www.infosecnews.com/news/inde...&newsType=News
:
: paste
: Mobile virus infects Lexus cars
: by David Quainton
:
: Lexus cars may be vulnerable to viruses that infect them via mobile phones.
: Landcruiser 100 models LX470 and LS430 have been discovered with infected
: operating systems that transfer within a range of 15 feet.
: "If infected mobile devices are scary, just thinking about an infected
: onboard
: computer..," said Eugene Kaspersky, head of anti-virus research at Russian
: firm Kaspersky. "We do know that car manufacturers are integrating existing
: operating systems into their onboard computers (take the Fiat and Microsoft
: deal, for instance)."
:
: It is understood the virus could affect the navigation system of the Lexus
: models, it transfers onto them via a Bluetooth mobile phone connection. It
: is
: still unclear which operating system the cars in question use.
:
: "At this stage it's still early but it just goes to show that technology
has
: consequences," said David Emm, senior technology consultant at Kaspersky.
: "It's scary stuff."
:
: Vulnerable operating systems are increasingly moving onto a number of
: different devices. Last year the Slammer worm infected 13,000 Bank of
: America
: ATMs as a result of them moving to a Windows-based operating system.
:
: "I've even seen screenshots of major commercial aeroplanes with Windows
: 2000-based operating systems," said Mikko Hypponen, director of anti-virus
: research at Finnish firm F-Secure. "Cars are an obvious target for viruses.
: It's okay if you don't use the operating system for the engine and the
: brakes,
: but when you do..."
:
: Bill Gates is a known Lexus driver. In 1999 he auctioned one for charity.
:
: When contacted Lexus declined to comment.
: /paste
: --
: ~PAÞ
:
: Gary S. Terhune wrote:
: People should be aware that Microsoft *never* sends updates or other
: code, updates, fixes, etc., via email. If you get an email claiming to
: be from Microsoft that has an attachment of any kind (other than the
: ATxxxxx.HTM attachment that results from setting your reader to read in
: plain-text-only) it is a HOAX! It may or may not contain malicious
: payloads. As stated by MS itself in the following:
:
: * Microsoft will never attach software updates to our security
: e-mail notifications. Rather, we refer customers to our Web site for
: complete information on the software update or security incident. Most
: Microsoft software updates are provided through Microsoft Windows
: Update, Microsoft Office Update, or the Microsoft Download Center. This
: is a common scam for which Microsoft has long standing guidance
: available at
: http://www.microsoft.com/security/in...cate_mail.mspx.
:
: * In addition, as a best practice users should always exercise
: extreme caution when opening unsolicited attachments from both known and
: unknown sources.
:

Thanks for the article, Gary. I found it very interesting. I use SpySweeper
by Webroot and have found it to be a great tool in helping me prevent spyware
and adware infestations. I also use SpywareBlaster, Adaware and Spybot --
Search and Destroy. I recently upgraded my hardware firewalled D-Link router
to a more secure hardware firewalled LinkSys 4-port router. I also use ZA
Pro and was pleased that it was well received in the article. I was
surprised the article did not say anything about E-Trust and its firewall and
antivirus program. Also, I did not know that Giant Antispyware applications
were so good and had actually never heard of Giant until Microsoft purchased
them. Hopefully, Giant will be able to bring an excellent anti-spyware
product to Microsoft after beta-testing is done. I am also looking forward
to Microsoft entering the anti-virus arena and hope they will be able to
excel at this field as well. Anyway, have a great night and we can "talk"
back and forth on Friday. (AntiVir is my current antivirus program although
that will change to E-trust soon)

"Gary S. Terhune" wrote in message
...
: Brian Livingston dropped this interesting little tid-bit into my Inbox a
: few minutes ago about anti-adware/spyware apps (scroll down a ways for
: the actual article.)
:
: http://windowssecrets.com/050127
:
: Very interesting.... (Note the score of Giant, which is what MS bought
: for their new Anti-Spyware apps that's not in beta testing.)
:
: --
: Gary S. Terhune
: MS MVP Shell/User
:
: "PA Bear" wrote in message
: ...
: Don't drive Lexuses (Lexi?) either:
:
:
:
http://www.infosecnews.com/news/inde...&newsType=News
:
: paste
: Mobile virus infects Lexus cars
: by David Quainton
:
: Lexus cars may be vulnerable to viruses that infect them via mobile
: phones.
: Landcruiser 100 models LX470 and LS430 have been discovered with
: infected
: operating systems that transfer within a range of 15 feet.
: "If infected mobile devices are scary, just thinking about an infected
: onboard
: computer..," said Eugene Kaspersky, head of anti-virus research at
: Russian
: firm Kaspersky. "We do know that car manufacturers are integrating
: existing
: operating systems into their onboard computers (take the Fiat and
: Microsoft
: deal, for instance)."
:
: It is understood the virus could affect the navigation system of the
: Lexus
: models, it transfers onto them via a Bluetooth mobile phone
: connection. It
: is
: still unclear which operating system the cars in question use.
:
: "At this stage it's still early but it just goes to show that
: technology has
: consequences," said David Emm, senior technology consultant at
: Kaspersky.
: "It's scary stuff."
:
: Vulnerable operating systems are increasingly moving onto a number of
: different devices. Last year the Slammer worm infected 13,000 Bank of
: America
: ATMs as a result of them moving to a Windows-based operating system.
:
: "I've even seen screenshots of major commercial aeroplanes with
: Windows
: 2000-based operating systems," said Mikko Hypponen, director of
: anti-virus
: research at Finnish firm F-Secure. "Cars are an obvious target for
: viruses.
: It's okay if you don't use the operating system for the engine and the
: brakes,
: but when you do..."
:
: Bill Gates is a known Lexus driver. In 1999 he auctioned one for
: charity.
:
: When contacted Lexus declined to comment.
: /paste
: --
: ~PAÞ
:
: Gary S. Terhune wrote:
: People should be aware that Microsoft *never* sends updates or other
: code, updates, fixes, etc., via email. If you get an email claiming
: to
: be from Microsoft that has an attachment of any kind (other than the
: ATxxxxx.HTM attachment that results from setting your reader to read
: in
: plain-text-only) it is a HOAX! It may or may not contain malicious
: payloads. As stated by MS itself in the following:
:
: * Microsoft will never attach software updates to our
: security
: e-mail notifications. Rather, we refer customers to our Web site for
: complete information on the software update or security incident.
: Most
: Microsoft software updates are provided through Microsoft Windows
: Update, Microsoft Office Update, or the Microsoft Download Center.
: This
: is a common scam for which Microsoft has long standing guidance
: available at
: http://www.microsoft.com/security/in...cate_mail.mspx.
:
: * In addition, as a best practice users should always
: exercise
: extreme caution when opening unsolicited attachments from both known
: and
: unknown sources.
:
:

Gary, I am not trying to be unkind in saying this but Microsoft does send
hotfixes for 98SE through e-mail although Microsoft has never used
attachments in the e-mail they send me. Also, I have always contacted
Microsoft before they sent me an e-mail and it is always regards what I
talked about to the tech. on the telephone; they use a web-link in the e-mail
so I can download the hotfix. The e-mail includes a password in order to
unlock the file that Microsoft sends you. AFAIK, this is how it is always
done and if it is done differently in certain circumstances then feel free to
correct me.

"Gary S. Terhune" wrote in message
...
: People should be aware that Microsoft *never* sends updates or other
: code, updates, fixes, etc., via email. If you get an email claiming to
: be from Microsoft that has an attachment of any kind (other than the
: ATxxxxx.HTM attachment that results from setting your reader to read in
: plain-text-only) it is a HOAX! It may or may not contain malicious
: payloads. As stated by MS itself in the following:
:
: * Microsoft will never attach software updates to our security
: e-mail notifications. Rather, we refer customers to our Web site for
: complete information on the software update or security incident. Most
: Microsoft software updates are provided through Microsoft Windows
: Update, Microsoft Office Update, or the Microsoft Download Center. This
: is a common scam for which Microsoft has long standing guidance
: available at
: http://www.microsoft.com/security/in...cate_mail.mspx.
:
: * In addition, as a best practice users should always exercise
: extreme caution when opening unsolicited attachments from both known and
: unknown sources.
:
: --
: Gary S. Terhune
: MS MVP Shell/User
:
:

Excuse me, Dan, but that is precisely what the excerpts I quoted
suggested. They *don't* send any patches via email, just instructions
for where and how to get them.

--
Gary S. Terhune
MS MVP Shell/User

"Dan" wrote in message
...
Gary, I am not trying to be unkind in saying this but Microsoft does
send
hotfixes for 98SE through e-mail although Microsoft has never used
attachments in the e-mail they send me. Also, I have always contacted
Microsoft before they sent me an e-mail and it is always regards what
I
talked about to the tech. on the telephone; they use a web-link in the
e-mail
so I can download the hotfix. The e-mail includes a password in order
to
unlock the file that Microsoft sends you. AFAIK, this is how it is
always
done and if it is done differently in certain circumstances then feel
free to
correct me.

"Gary S. Terhune" wrote in message
...
: People should be aware that Microsoft *never* sends updates or other
: code, updates, fixes, etc., via email. If you get an email claiming
to
: be from Microsoft that has an attachment of any kind (other than the
: ATxxxxx.HTM attachment that results from setting your reader to read
in
: plain-text-only) it is a HOAX! It may or may not contain malicious
: payloads. As stated by MS itself in the following:
:
: * Microsoft will never attach software updates to our
security
: e-mail notifications. Rather, we refer customers to our Web site for
: complete information on the software update or security incident.
Most
: Microsoft software updates are provided through Microsoft Windows
: Update, Microsoft Office Update, or the Microsoft Download Center.
This
: is a common scam for which Microsoft has long standing guidance
: available at
: http://www.microsoft.com/security/in...cate_mail.mspx.
:
: * In addition, as a best practice users should always
exercise
: extreme caution when opening unsolicited attachments from both known
and
: unknown sources.
:
: --
: Gary S. Terhune
: MS MVP Shell/User
:
: