This week one of my email accounts has received over 10 separate emails
with different subjects, all supposedly sent by Microsoft Corporation.
These messages include an executable attachment that's supposedly a
cumulative update for Internet Explorer, Outlook and Outlook Express.
This genre of message has evolved from a previous mail that supposedly
arrived from Citibank NA asking the recipient to confirm their bank
account details including Internet user name and password!
Even Krishna Kumar of PC Quest was nearly fooled, until the mail
sender's address made him suspicious. I must admit the social
engineering used is quite good. The message bodies, both for the
earlier Citibank version and the current Microsoft variant, don't
include too many grammatical or spelling mistakes, and a person with an
average knowledge of English probably won't notice the oddities of
composition. But as a former editor, I still keep a hawk-eye for errors!
The infected messages were sent by MS Corporate Security Division, MS
Corporate Security Assistance, Microsoft Program Security Department,
Microsoft Network Security Division, Microsoft Corporation Network
Security Division, Microsoft Corporation Network Security Center, and
Microsoft Corporation Internet Security Division, and were addressed to
either MS Customer or Microsoft Customer. The message body read:
this is the latest version of security update, the
"October 2003, Cumulative Patch" update which fixes all known security
vulnerabilities affecting MS Internet Explorer, MS Outlook and MS
Outlook Express as well as three newly discovered vulnerabilities.
Install now to protect your computer from these vulnerabilities. This
update includes the functionality of all previously released
patches.
This was followed by details on what was patched, formatted much like
the company's online Security Bulletins.
In addition, the first thing I do for any mail received from hitherto
unknown accounts or senders is to process it through my Outlook mail
client's Peek add-in (see also Freeloader, April 14, 2003,
https://www.ciol.com/content/search/showarticle.asp?arid=44729&way=search).
This separates HTML-formatted mail into the message body, the HTML code,
and the mail headers. And I invariably check out the last first. The
Citibank mail arrived from a Yahoo ID (since suspended for mail abuse)!
The Microsoft mail is sent by a variety of mail servers, many of which
appear to be individual computers infected by the Swen worm.
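
The header-first check described above can be scripted. This is an added example, not part of the original column or of the Peek add-in; the sample message, its hosts and addresses, the .exe suffix and the brand-to-domain mapping are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real capture): hosts, addresses and the .exe suffix are invented.
SAMPLE = """\
Received: from mail.isp.example (mail.isp.example [192.0.2.10])
\tby mx.recipient.example with ESMTP; Mon, 20 Oct 2003 10:02:11 +0530
Received: from homepc (dialup-17.pool.example [198.51.100.17])
\tby mail.isp.example with SMTP; Mon, 20 Oct 2003 10:02:05 +0530
From: "MS Corporate Security Division" <qwerty@freemail.example>
To: "MS Customer" <customer@recipient.example>
Subject: Latest Security Update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>Install now to protect your computer.</body></html>
--b1
Content-Type: application/octet-stream; name="Upgrade7821.exe"
Content-Disposition: attachment; filename="Upgrade7821.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Illustrative mapping: word in the display name -> domain the address should belong to.
BRANDS = {"ms": "microsoft.com", "microsoft": "microsoft.com", "citibank": "citibank.com"}
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

def triage(raw):
    """Return the sender domain, the earliest Received hop, and a list of findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for word in sorted(BRANDS.keys() & set(name.lower().split())):
        expected = BRANDS[word]
        if domain != expected and not domain.endswith("." + expected):
            findings.append(f"display name says {word!r}, address is at {domain}")
    # Received headers are prepended by each relay, so the last one is the first hop.
    hops = msg.get_all("Received", [])
    origin = " ".join(str(hops[-1]).split()) if hops else ""
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if filename.lower().endswith(RISKY_EXT):
            findings.append(f"executable attachment: {filename}")
    return {"from_domain": domain, "origin_hop": origin, "findings": findings}
```

Only the Received lines added by your own mail servers can be relied on; earlier hops are supplied by the sending side and may be forged.
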
Both mails included authentic links to the respective company's web
sites. And this most recent one includes attachments with titles like
Upgrade7821 and Q126496. My friend Deepak, in a moment of weakness (or
jet lag), actually ran the attachment, crashing his Windows XP-powered
laptop. In the end he had to reformat the disk and reinstall the
complete operating system! Luckily, just before downloading his mail
that fateful day he'd run a company-mandated complete system data backup
and was able to recover his data, but mail settings and browser
Favorites were gone forever.
The problem of fake email is now so acute that Microsoft even has a
dedicated page, "How to Tell If a Microsoft Security-Related Message Is
Genuine" (http://www.microsoft.com/security/antivirus/authenticate_mail.asp),
on the subject. It suggests you verify the digital signature on TechNet
(http://www.microsoft.com/technet/security/bulletin/notify.asp), or read
the complete list of Security Bulletins issued.
In today's very dangerous online world, remain at high alert whenever
you access the Internet or download your mail and, if possible, check
each mailbox twice, once using a simple client like Popcorn or nPop, or
better, use Mail2web.com, a Web-based mail retrieval service. And after
reading a mail, delete it completely if it contains a
seemingly-suspicious attachment.
A new buffer overflow vulnerability has been discovered in the Windows
Messenger Service; it affects Windows NT/2000/XP desktops and servers.
It allows a remote attacker local system (administrative) privileges
that may result in complete system compromise, and can also cause the
Messenger Service to fail. To check if your computer too is vulnerable,
security vendor eEye has released a free scanner
(http://www.eeye.com/html/Research/Tools/MSGSVC.html). More information
may be found in the Microsoft Security Bulletin MS03-043
(http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-043.asp).
I haven't been doing much software testing this week. Although the good
news is that Opera 7.21 is finally available. As is the new
MozillaFirebird 7 (http://www.mozilla.org/).
There's also a new Winamp 5 beta (4.8 MB, Windows, free) that's just
been announced. It's better than both earlier versions,
especially Winamp 3 which was a real loser. Five runs blazing fast and
new features include support for Winamp Classic and Modern skins, an
improved Library to browse music and videos while allowing access to
Internet Radio and TV stations, CD ripping and an ability to burn your
favorite tunes to a CD!
Elsewhere Apple's immensely popular music download service, iTunes
(http://www.apple.com/itunes/download/), is now available for Windows
too. But the platform appears not without
flaws. For the moment iPod users can't access other services and are
limited to Apple's Music Store catalog. And combining the latter with
iTunes blocks out the many different Windows Media-compatible portable
music devices too!
G Menon
Disclaimer: These are the views of Govind Menon and CIOL does not necessarily concur with them