On Thu, 18 Sep 2003, at 4:10pm, [EMAIL PROTECTED] wrote:
> One has the subject line "Current Update", the other has a subject line
> "Current Microsoft Critical Upgrade".

  As others have pointed out, Microsoft **NEVER** distributes patches via
email.

  http://www.microsoft.com/technet/security/news/patch_hoax.asp

  Most likely, you have received a message sent by one of the many
self-propagating worms out there.  By making the payload appear to be a
"security fix", naive users are more likely to run it, especially with all
the press worms and viruses are getting today.  Classic Trojan-horse gambit.

  It could also be a non-worm Trojan-horse, but I doubt it.

  I like the joke that a worm could distribute itself as
"NEVER_FUCKING_OPEN_THIS.EXE" and people would still open it up and run it,
compromising their systems and spreading the worm.  Ha ha.  Only serious.

  It is worth pointing out that Linux and Unix are just as vulnerable to
this as MS-Windows.  There is absolutely zero reason someone couldn't write
a "fix-linux.sh" worm that mailed itself to people, telling them to run the
important security update.  Indeed, I'm rather surprised we haven't seen
anything like this yet.  But I'm sure it is only a matter of time until we
do.

  Once enough naive users are running Linux, we will have most of the same
security problems Microsoft does.

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |
