This email from microsoft fake?

[Someguy03]

Notice who this message is from. It's claiming that its from microsoft, and wants me to download an attachment with the latest april security patch. Anyone think this is safe?


Date: Thu, 15 Apr 2004 10:01:55 -0500 (CDT)
Date: Date header was inserted by smtp.prodigy.net.mx
From: "Network Security Department" <[u]yczrydahka@news.com[/b]> Add to Address Book
Subject: Newest Critical Pack
To: @,




MS Customer

this is the latest version of security update, the "April 2004, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2004 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility

[MartinBradley]

Yes, it is fake, DON'T OPEN IT! Microsoft state that they will never send security updates by email. The email you recieved will be a virus. So don't open it, just delete it.

[Brian]

I believe if anything coming from Microsoft, the E-mail address would be something like support@microsoft.com.

But anyway, to be on the safe side.... Download that through http://Microsoft.com or http://www.WindowsUpdate.com .

[shifter]

The email address is a dead giveaway, although in some cases they can be masked or altered to appear legitimate as well. Another giveaway is that there is no unsubscribe link, MS would surely allow you to opt-out of any kind of email updates. And finally, the easiest way to know would be to ask yourself, "Have I signed up for an email update with Microsoft, and given them my email address?". The answer to that would likely be "No" as I don't believe MS even does this.

Since when does MS email security updates? It's most definitely NOT from MS. If you want to update, use the Windows update site, but never trust an email attachment. I get this kind of crap everyday, most of it is very convincing.

[detn8r]

Interesting. I got one of these emails aswell, but with a Outlook made email. Yes - it was from support@microsoft.com, but with Outlook, you can spoof any email.

The idiot you emailed you's smtp server is right in the email it self: smtp.prodigy.net.mx. Last time I checked Microsoft doesn't use Prodigy.

[Someguy03]

Ya the smtp server was the thing that made me notice it was fake. Plus the file attatchment, which was install8.exe. I also noticed that they have grammer errors, and I have never seen Microsoft use "MS" anywhere.

[David]

Uhm.....


* Microsoft DOES send security bulletins.
* Microsoft NEVER sends attachments
* Microsoft would surely use install_x86_en_april_2004_build3760.567.exe, they always use complex names,
* Microsoft will ALWAYS link you to an article or *.microsoft.com download link in their security bulletins
* All Microsoft mail is handled by *.Microsoft.com or *.MSFT.net
* It's possible for anyone to spoof any address, I can be BillGates@Microsoft.com or AOLSucks@aol.com.