Posted on 08/15/2003 9:00:59 PM PDT by Timesink
SAN FRANCISCO (CBS.MW) -- Microsoft warned late Friday that a fake security alert contains malicious code that can attack PCs.
The bogus instructions purport to tell the software maker's customers how best to handle the dreaded Blaster computer worm that hit this week
The fake Microsoft e-mail, first spotted early Friday, looks "very official," said Sean Sundwall, Microsoft spokesman. The fake e-mail includes instructions to check Microsoft's (MSFT: news, chart, profile) security Web site for a software patch and updates. It also suggests steps that home computer users should take to protect their systems from Blaster, a widespread worm that was programmed to attack a Microsoft Web site Saturday.
Sundwall said the e-mail attachment attempts to unleash a "Trojan horse" that infects one computer, then attempts to e-mail itself to other machines. He said it's not clear at this point what specific damage the code tries to inflict.
The way to spot the fake, Sundwall said, is that the e-mail contains an attachment.
"And we absolutely never send e-mail with attachments," Sundwall said. "Most reputable companies would never send an attachment about something of that nature. If you see one, you know it's a hoax."
The hoax e-mail was set up by a person or group, Sundwall said, trying to attack as customers are being instructed by Microsoft to download software as a protection against Blaster.
Earlier Friday, Microsoft announced that it pulled the plug on a Microsoft Internet address that Blaster targets. That address had been directing customers back to the official Microsoft Web site. See full story.
So far, Microsoft said it had seen little effect from Blaster, even though it's already swept across many time zones. Tens of millions of computers have already received software from Microsoft that's supposed to protect against the attack, said Stephen Toulouse, a security program manager at Microsoft.
The phony e-mail comes just a day after one technology watcher reported what he called a glitch in the Microsoft Windows patch-management system used to download Windows software fixes for Blaster. He said some customers can be tricked into thinking their systems were patched to prevent the Blaster attack, although they really are not.
"I know of numerous companies -- more than 10 -- with thousands of computers among them that have run into this problem," said Russ Cooper, moderator of a mailing list with 30,000 subscribers that tracks Microsoft's software weaknesses.
The problem is a result of the way Windows update checks that a computer has run a particular patch, Cooper says. As of Wednesday, the Windows update only checked a database to see that the patch for Blaster had been run on a particular computer in the past -- not whether the patch had been successfully installed and was working.
According to Cooper, that left open the possibility that computers that crashed during the patching process, were unexpectedly turned off or simply didn't have enough memory to install the software reflected that the patch had been successfully installed, when in some cases that was not true.
Cooper said he notified Microsoft of the potential vulnerability days ago, and by late Wednesday, the company had changed its Blaster patching process. He said the software maker is now using additional software to be sure that Blaster patches were actually up and running on computers.
But Microsoft disputed Cooper's claims, saying that it is checking computer systems to make sure the patch software is being run, as well as successfully installed.
The recent attacks underscore the need for customers to protect their computers with firewall software, which is included in the company's Windows XP operating system, Sundwall said. He adds that consumers should install antivirus software, which Microsoft doesn't sell, even though it recently announced it's acquiring an antivirus software company.
He adds that Microsoft customers can sign up to automatically receive software patches from the company for free.Mike Tarsala is a San Francisco-based reporter for CBS.MarketWatch.com.
Protecting yourself from that crap isn't hard, just use common sense.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.