All of a sudden I am getting a multitude of emails
from "MS Corporation Public Support" to "MS Corporation
Client" under the subject of "Current Security Upgrade".
I am also getting many from "Microsoft Net Message Storage
System" to "Inet User". What in the world is going on
here? All I have done recently is update the XP machine
with the critical updates.

In ,
Scott > typed:

> All of a sudden I am getting a multitude of emails
> from "MS Corporation Public Support"


Nope. You're getting them from someone who wants to inflict a
virus on you.

This is just the latest widespread virus attck.

--
Ken Blake
Please reply to the newsgroup


> to "MS Corporation
> Client" under the subject of "Current Security Upgrade".
> I am also getting many from "Microsoft Net Message Storage
> System" to "Inet User". What in the world is going on
> here? All I have done recently is update the XP machine
> with the critical updates.

Hi Scott,

It's the Swen worm propagating itself - just delete them. Microsoft does not
send out security patches in this manner.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
http://mvp.support.microsoft.com/
Associate Expert - WinXP - Expert Zone
www.microsoft.com/windowsxp/expertzone
Win98 Help - www.rickrogers.org

"Scott" > wrote in message
...
> All of a sudden I am getting a multitude of emails
> from "MS Corporation Public Support" to "MS Corporation
> Client" under the subject of "Current Security Upgrade".
> I am also getting many from "Microsoft Net Message Storage
> System" to "Inet User". What in the world is going on
> here? All I have done recently is update the XP machine
> with the critical updates.

How long will these keep coming? I delete them right
away. Also, I have the latest .dat file from McAfee and
run Zone Alarm, current upgrade too. How can this get
through? Thanks for the information.
>-----Original Message-----
>In ,
>Scott > typed:
>
>> All of a sudden I am getting a multitude of emails
>> from "MS Corporation Public Support"
>
>
>Nope. You're getting them from someone who wants to
inflict a
>virus on you.
>
>This is just the latest widespread virus attck.
>
>--
>Ken Blake
>Please reply to the newsgroup
>
>
>> to "MS Corporation
>> Client" under the subject of "Current Security Upgrade".
>> I am also getting many from "Microsoft Net Message
Storage
>> System" to "Inet User". What in the world is going on
>> here? All I have done recently is update the XP machine
>> with the critical updates.
>
>.
>

Greetings --

What you received is either a very common malicious hoax or the
output of a computer infected by one of several wide-spread, mass
emailing worms. The most widely-known are:

W32.Swen.A_mm


W32.Dumaru_mm


W32.Gibe_mm


Microsoft never has, does not currently, and never will email
unsolicited security patches. At the most, if, and only if, you
subscribe to their security notification newsletter, they will send
you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.

There's probably no way of blocking all of the bogus messages, but
you can greatly reduce the number you get by creating a rule, based
upon the most commonly used subject lines, to delete the emails from
the server without ever downloading them.


Bruce Chambers

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


"Scott" > wrote in message
...
> All of a sudden I am getting a multitude of emails
> from "MS Corporation Public Support" to "MS Corporation
> Client" under the subject of "Current Security Upgrade".
> I am also getting many from "Microsoft Net Message Storage
> System" to "Inet User". What in the world is going on
> here? All I have done recently is update the XP machine
> with the critical updates.

On Tue, 23 Sep 2003 19:22:48 -0700, Scott wrote:

> How long will these keep coming? I delete them right
> away. Also, I have the latest .dat file from McAfee and
> run Zone Alarm, current upgrade too. How can this get
> through? Thanks for the information.
>>-----Original Message-----
>>In ,
>>Scott > typed:
>>
>>> All of a sudden I am getting a multitude of emails
>>> from "MS Corporation Public Support"
>>
>>
>>Nope. You're getting them from someone who wants to
> inflict a
>>virus on you.
>>
>>This is just the latest widespread virus attck.
>>
>>--
>>Ken Blake
>>Please reply to the newsgroup
>>
>>
>>> to "MS Corporation
>>> Client" under the subject of "Current Security Upgrade".
>>> I am also getting many from "Microsoft Net Message
> Storage
>>> System" to "Inet User". What in the world is going on
>>> here? All I have done recently is update the XP machine
>>> with the critical updates.
>>
>>.
>>

How long? Seems like it will be forever! The recent worms, Swen especially,
are extra aggressive and the amount of mail they send is HUGE. Eventually,
as folks with infected machines repair their systems, these things (mass
mailing by worms) die out. It just takes time.

--
Sharon F
MS-MVP - Windows XP Shell/User

My sympathies - last weekend I had more than 540 e-mails
(about 70% with attached viruses) in 37 hours. First time in
15 years!!
1) You should IMMEDIATELY mask (Munge) your e-mail
address:
http://www.mailmsg.com/SPAM_munging.htm!!
See my address (below bottom)!
Do it NOW!
Do the same in your e-mail client software!
Spammers use 'bots' to trawl the internet, looking for real
e-mail addresses to Spam!
2) Ask your ISP about changing your e-mail address. That's
what I did!
--
Hope this helps!

Pat Garard
Australia.
apgarardATbigpondDOTnetDOTau

> There's probably no way of blocking all of the bogus messages, but
> you can greatly reduce the number you get by creating a rule, based
> upon the most commonly used subject lines, to delete the emails from
> the server without ever downloading them.


Great advice Bruce. I've based my OE rule on the content because of
the random element of the subject line. If I receive an mail from
someone who is not in my Address Book and the words below are included
in the body of the message, the message is moved to my 'Suspected
Spam' folder -

Undelivered
Undeliverable
September 2003, Cumulative Patch

So far this has filtered all of those pesky trojan emails (almost 500
so far).

I've been looking at the full header for these messages. I'm trying
to discover if someone I know is infected with the SWEN worm. If I
look at the first Received By|From line in the header, will it give me
the name of the persons computer it was sent from? I can see that a
real email gives the proper computer name of one of my close friends.

I'm going to try and send a mail to my Address Book list, listing the
names of the infected machines, if this is reliable?

TIA,

Colin

"Pat Garard" > wrote in message
...
> My sympathies - last weekend I had more than 540 e-mails
> (about 70% with attached viruses) in 37 hours. First time in
> 15 years!!
> 1) You should IMMEDIATELY mask (Munge) your e-mail
> address:
> http://www.mailmsg.com/SPAM_munging.htm!!
> See my address (below bottom)!
> Do it NOW!
> Do the same in your e-mail client software!
> Spammers use 'bots' to trawl the internet, looking for real
> e-mail addresses to Spam!
> 2) Ask your ISP about changing your e-mail address. That's
> what I did!
> --
> Hope this helps!
>
> Pat Garard
> Australia.
> apgarardATbigpondDOTnetDOTau
>
Modified email addresses in any form are a bad idea; make them fake. The
original perpetrators have access to directory services and a
cross-comparison will net them a true address. It may not be *yours*, but
someone is going to get hit hard--again. Instead, request that all replies
be made to the newsgroup .

Malv