This arrived in my mailbox this morning (with an attachment called Q240312.exe) :
Microsoft Customer
this is the latest version of security update, the
“March 2003, Cumulative Patch” update which eliminates
all known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly
discovered vulnerabilities. Install now to protect your computer
from these vulnerabilities, the most serious of which could allow
an attacker to run executable on your system. This update includes
the functionality of all previously released patches.Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact us.
Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
Thank you for using Microsoft products.
With friendly greetings,
Microsoft Internet Technical Services
Now, it is of course possible that this is legit, but for several reasons I doubt it…
1. Since when does Microsoft send you security updates per e-mail?
2. The attachment is 3 byte. Not a lot for a Microsoft update.
3. The sender address is “Microsoft
4. The recipient is “To: “Microsoft Customer”@no.domain.spam”.
Curiosity killed the cat. I find myself tempted to download the attachment to find out A. whether Norman/Norton will handle it and B. which virus it is.
Ah me.
Ok, I will resist the temptation. I think.
Voice in my head: Vonda Shepard – I only want to be with you