I just received an email message that purported to be from the "Microsoft Corporation Security Center" with the following contained in the introduction and first paragraph:


Microsoft Customer,

This is the latest version of security update, the known security vulnerabilities affecting Internet Explorer and MS Outlook/Express

as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from

these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.


What's so scary...

First of all, the file attached to the email (Q216309.exe) is actually a virus - known as W32.Gibe@mm.

More importantly, this virus is going to infect a lot of people, because it goes to such great lengths to appear convincing and legitimate.

For starters, this particular email references Microsoft's Security Bulletin MS02-005 - which is a LEGITIMATE bulletin.

Further a hyper-link to the Security Bulletin (contained in a subsequent paragraph within the email) does actually LINK to the real Microsoft

Security page.

On top of this, Microsoft DOES offer a security patch, and even uses the same "qxxxxx.exe" naming format for such security updates - the

real patch is Q316059.exe.

All in all, this is one VERY convincing invitation for self-infection!

And, that's the scary part.

Countless recipients will receive this file, visit the Microsoft site, verify the legitimacy of the security flaws and then confidently execute

the attached virus, rather than downloading the real Microsoft patch.

Once infected, the virus will read both Outlook and Outlook Express address books (among other files) and send copies of itself to the

addresses it finds. Thus, continuing the cycle of infection.

If you receive such an email, simply delete the message.


Copyrighted with all rights reserved by Stephen M. Canale