VIRUS - worm_mimail.a


Entity

Lifer
Oct 11, 1999
10,090
0
0
Originally posted by: Jzero
Originally posted by: Shuxclams
Here is a new one.....

From Microsoft Mon Aug 4 07:39:49 2003
X-Apparently-To: XXXXXXXXX@yahoo.com via 66.218.78.180; 04 Aug 2003 07:43:06 -0700 (PDT)
Return-Path: <windowssecurity@email.microsoft.com>
Received: from 209.11.164.116 (EHLO mh.microsoft.m0.net) (209.11.164.116) by mta114.mail.sc5.yahoo.com with SMTP; 04 Aug 2003 07:43:05 -0700 (PDT)
Received: from [209.11.138.130] by 10.206.1.116 (mh.microsoft.m0.net) with SMTP; 04 Aug 2003 07:47:21 +0000
Message-ID: <9707675316.1060007989995@m0.net>
Date: Mon, 4 Aug 2003 07:39:49 -0700 (PDT)
From: "Microsoft" <windowssecurity@email.microsoft.com> | This is spam | Add to Address Book
Reply-to: windowssecurity@email.microsoft.com
To: XXXXXXXX@yahoo.com
Subject: Security Update for Microsoft Windows
Errors-to: windowssecurity@email.microsoft.com
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="---=_NEXT_f6cd6652e4"
X-cid: 9707675316
X-pid: 228387
Content-Length: 1737

*** PLEASE NOTE: Due to the critical importance of this message,
this communication is being sent to all of our Microsoft customers
to alert you of this Security Bulletin. ***

It has been widely reported in the press and on Microsoft's own web
site, that on July 16th we released a critical security bulletin
(MS03-026) and a patch regarding a vulnerability in the Windows
operating system. We wanted to make sure that if you were not aware
of this bulletin and corresponding patch that you take a moment to
go to http://www.microsoft.com/security/ security_bulletins/
ms03-026.asp to find out if you are running an affected version of
the Windows operating system and get the specific information as to
what you need to do to apply this patch if you have not already.

Although we encourage you to pay attention to all security bulletins
and to deploy patches in a timely manner we wanted to call special
attention to this particular instance as we have become aware of
some activity on the internet that we believe increases the
likelihood of the exploitation of this vulnerability. Specifically,
code has been published on several web sites that would allow
someone to spread a worm/virus that takes advantage of the
vulnerability in question thereby impacting your
computing environment.

Although it is our goal to produce the most secure and dependable
products possible, we do become aware of these types of
vulnerabilities. In order to minimize the risks of such
vulnerabilities to your computing environment, we encourage you to
subscribe to the Windows Update service by going to
http://www.windowsupdate.com and also subscribe to Microsoft's
security notification service at http://register.microsoft.com/
subscription/subscribeme.asp?ID=135 if you have not already. By
subscribing to these two services you will automatically receive
information on the latest software updates and the latest security
notifications thereby improving the likelihood that your computing
environment will be safe from worms and viruses that occur.

We apologize for any inconvenience the implementation of this patch
might cause and appreciate you taking the time to update
your system.

Thank you,
Microsoft Corporation



Another good trick.........












SHUX

What's the trick? People keep fwding me this (because I'm the security admin) and it is 100% shady, but I can't seem to prove it. The URLs of the actual e-mail appear to point back to Microsoft.com, but different URLs than the ones they are aliased to.

It's weird.
I'm not so sure what is so shady about that -- it is notifying people of the recent RPC vulnerability, which is a huge deal to many people.

Rob
 

Jzero

Lifer
Oct 10, 1999
18,834
1
0
I'm not so sure what is so shady about that -- it is notifying people of the recent RPC vulnerability, which is a huge deal to many people.

Rob


I think it's shady b/c the hyperlinks are aliased to different URLs (not reflected in Shux's post), and because it's unlike Microsoft to send a blanket mailing out for something like this. I get warnings from CERT about exploits....I've never gotten one straight from MS.
 

Entity

Lifer
Oct 11, 1999
10,090
0
0
Originally posted by: Jzero
I'm not so sure what is so shady about that -- it is notifying people of the recent RPC vulnerability, which is a huge deal to many people.

Rob


I think it's shady b/c the hyperlinks are aliased to different URLs (not reflected in Shux's post), and because it's unlike Microsoft to send a blanket mailing out for something like this. I get warnings from CERT about exploits....I've never gotten one straight from MS.

Hmm. I got an email like the one Shux posted, but the URLs went to Microsoft. Not only that, but this vulnerability is so large that I would expect MS to send out notices as well as CERT. This is huge on our campus, at the least -- 10k + possible computers affected; so far 800+ have been hacked.

Rob
 

Jzero

Lifer
Oct 10, 1999
18,834
1
0
Originally posted by: Entity
Originally posted by: Jzero
I'm not so sure what is so shady about that -- it is notifying people of the recent RPC vulnerability, which is a huge deal to many people.

Rob


I think it's shady b/c the hyperlinks are aliased to different URLs (not reflected in Shux's post), and because it's unlike Microsoft to send a blanket mailing out for something like this. I get warnings from CERT about exploits....I've never gotten one straight from MS.

Hmm. I got an email like the one Shux posted, but the URLs went to Microsoft. Not only that, but this vulnerability is so large that I would expect MS to send out notices as well as CERT. This is huge on our campus, at the least -- 10k + possible computers affected; so far 800+ have been hacked.

Rob
The URLs went to Microsoft on mine, as well, but not to the same URLs they appeared to be. It is just plain weird.
As for the gravity of the vulnerability....there's been others just as bad or worse. This is the first time they've done anything like this.

It may be legit, but it definitely trips up the Spidey Sense.
 

Entity

Lifer
Oct 11, 1999
10,090
0
0
Originally posted by: Jzero
Originally posted by: Entity
Originally posted by: Jzero
I'm not so sure what is so shady about that -- it is notifying people of the recent RPC vulnerability, which is a huge deal to many people.

Rob


I think it's shady b/c the hyperlinks are aliased to different URLs (not reflected in Shux's post), and because it's unlike Microsoft to send a blanket mailing out for something like this. I get warnings from CERT about exploits....I've never gotten one straight from MS.

Hmm. I got an email like the one Shux posted, but the URLs went to Microsoft. Not only that, but this vulnerability is so large that I would expect MS to send out notices as well as CERT. This is huge on our campus, at the least -- 10k + possible computers affected; so far 800+ have been hacked.

Rob
The URLs went to Microsoft on mine, as well, but not to the same URLs they appeared to be. It is just plain weird.
As for the gravity of the vulnerability....there's been others just as bad or worse. This is the first time they've done anything like this.

It may be legit, but it definitely trips up the Spidey Sense.
We haven't seen anything like this on campus since 2k came out -- I'm sure that had something to do with it. I know what you mean about the "Spidey Sense," though. ;)

Rob
 

TechnoKid

Diamond Member
Feb 12, 2001
5,575
0
0
I too have gotten that Microsoft email, and the webbie-links were email.microsoft.com, not directly Microsoft. The weird thing is, I only got this email on Hotmail, which is Microsoft, is it not?
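
Added example, not part of any post in this thread: the "aliased hyperlinks" several posters describe can be checked mechanically by comparing the host a link displays with the host in its href. The sample HTML, the `/r?id=1` path and the `example.net` host are constructed for illustration, and `classify_links` and its verdict names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    # Lower-cased hostname; bare "www.x.com" link text gets a scheme first.
    url = url if "://" in url else "http://" + url
    return (urlsplit(url).hostname or "").lower()

def base_domain(hostname):
    # Assumption: last two labels ~ registrable domain (wrong for co.uk; use the PSL).
    return ".".join(hostname.split(".")[-2:])

def classify_links(html):
    """Return (shown_host, real_host, verdict) for anchors whose text is itself a URL."""
    collector = AnchorCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        if "." not in text or " " in text:  # a label like "Click here", not a URL
            continue
        shown, real = host(text), host(href)
        if shown == real:
            verdict = "match"
        elif base_domain(shown) == base_domain(real):
            verdict = "same-domain-redirect"   # e.g. a mailing-service tracking host
        else:
            verdict = "cross-domain-mismatch"  # the click leaves the displayed site
        results.append((shown, real, verdict))
    return results

# Constructed sample body; not the HTML of the e-mail quoted in the thread.
SAMPLE_HTML = ('<a href="http://email.microsoft.com/r?id=1">http://www.microsoft.com/security/</a>'
    '<a href="http://www.windowsupdate.com">http://www.windowsupdate.com</a>'
    '<a href="http://updates.example.net/ms03-026">www.microsoft.com/security</a>'
    '<a href="http://www.microsoft.com/">Click here</a>')
```

A "same-domain-redirect" verdict matches what the posters saw (links shown as one microsoft.com address but pointing at email.microsoft.com), while "cross-domain-mismatch" is the case that warrants treating the message as hostile.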