Windows Vista Forums

WARNING !!!
  1. #1


    Will Guest

    WARNING !!!

    I just got an Email. It looked identical to an Email from Microsoft. It
    claims to be about a network security patch. There is no need to click on
    anything; it infects your computer as soon as you receive it. Below are the
    details:

    Win32:Swen
    is a worm, spreading through e-mail, shared folders, the Kazaa P2P network
    and IRC. It switches off antiviral and personal firewall software on the
    infected computers.
    It fakes the "From:" field in the infected e-mails. The worm length is
    106496 bytes. When run, the worm copies itself to the %WINDIR% folder
    (%WINDIR% is a system variable containing the name of the Windows folder,
    usually C:\Windows or C:\WinNT) as a randomly named file. It creates files
    named germs0.dbv, swen1.dat and %COMPUTERNAME%.bat (%COMPUTERNAME% is a
    system variable containing the computer name) in the %WINDIR% folder. It
    searches for a number of antiviral and personal firewall programs on the
    infected computer and tries to stop the programs it finds. It makes these
    changes to the registry database:

    It creates a randomly named item in the key
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, with a
    value referring to the worm file in %WINDIR%. This item ensures the
    worm is started with Windows.

    It sets the value of the DisableRegistryTools item in the
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    key to "1". Thus, Windows registry database editing is disabled.

    The "default" item in these subkeys of the
    HKEY_LOCAL_MACHINE\Software\CLASSES\ key
    batfile\shell\open\command
    comfile\shell\open\command
    exefile\shell\open\command
    piffile\shell\open\command
    regfile\shell\open\command
    scrfile\shell\open\command
    is modified so that the worm is always run before any file with a bat, com,
    exe, pif, reg or scr extension is run.

    It creates a randomly named subkey in the key
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\. In
    the subkey these items are always created:
    CacheBox Outfit="yes"
    Installed="...by Begbie"
    Install Item=the item from the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key
    Unfile=randomly generated name of a file, containing the reference to the
    %ComputerName%.bat file
    These items might exist:
    Email Address=the user e-mail address, obtained from the registry database
    Mirc Install Folder=the folder where the MIRC system resides
    Server=the SMTP server IP address obtained from the registry database
    ZipName

    If the Kazaa P2P system is installed, the worm adds the items

    Dir99= 012345:"the Kazaa shared folder name"
    DisableSharing="0"

    to the key HKEY_CURRENT_USER\Software\Kazaa\LocalContent.

    The running worm checks whether a registry database editor is running. If
    so, the worm displays an error message and disables the editor.
    Periodically, a "MAPI32 Exception Error" window is displayed. The window
    demands input of the mail account parameters - SMTP and POP3 server address,
    account name and password, user's nickname. This is the MAPI32 Exception
    Error window:



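The registry artifacts listed in the post above can be checked offline against a `reg export` text dump of a suspect machine. The following is an added example, not part of the original thread: the sample export and its random names are constructed, and the stock handler values it compares against are an assumption to confirm on a clean machine of the same Windows version.

```python
import re

# Registry locations named in the post, lower-cased for case-insensitive matching.
RUN = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run"
POLICY = "hkey_current_user\\software\\microsoft\\windows\\currentversion\\policies\\system"
CLASSES = "hkey_local_machine\\software\\classes\\"
EXPLORER = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\explorer\\"
KAZAA = "hkey_current_user\\software\\kazaa\\localcontent"
EXTENSIONS = ("bat", "com", "exe", "pif", "reg", "scr")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export; the random names (qzkvbe, xkqpo.exe, hbtqwz) are made up.
# Real `reg export` files are UTF-16: decode them before passing the text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"qzkvbe"="C:\\WINDOWS\\xkqpo.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command]
@="C:\\WINDOWS\\xkqpo.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\hbtqwz]
"CacheBox Outfit"="yes"
"Installed"="...by Begbie"
"Install Item"="qzkvbe"

[HKEY_CURRENT_USER\Software\Kazaa\LocalContent]
"Dir99"="012345:C:\\WINDOWS\\TEMP\\rndshare"
'''


def _unquote(token):
    # Drop the surrounding quotes, then undo the backslash escapes used in .reg strings.
    return re.sub(r"\\(.)", r"\1", token[1:-1])


def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: data}}; '' names the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = VALUE_RE.match(line)
        if current is None or not match:
            continue
        name, data = match.groups()
        name = "" if name == "@" else _unquote(name).lower()
        if len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = _unquote(data)
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data  # hex blobs and other types are kept raw
    return keys


def handler_is_stock(ext, command):
    # Assumed stock values: '"%1" ...' for bat/com/exe/pif/scr, 'regedit.exe "%1"' for reg.
    cmd = command.strip().lower()
    if ext == "reg":
        return cmd.startswith("regedit.exe ")
    return cmd.startswith('"%1"')


def scan(text):
    """Return (kind, detail) findings for the artifacts the post describes."""
    keys, findings = parse_reg(text), []
    if keys.get(POLICY, {}).get("disableregistrytools") in (1, "1"):
        findings.append(("regedit-disabled", POLICY))
    for ext in EXTENSIONS:
        cmd = keys.get(f"{CLASSES}{ext}file\\shell\\open\\command", {}).get("")
        if cmd is not None and not handler_is_stock(ext, str(cmd)):
            findings.append(("handler-hijacked", f"{ext}file -> {cmd}"))
    for key, values in keys.items():
        sub = key[len(EXPLORER):] if key.startswith(EXPLORER) else ""
        if not sub or "\\" in sub:
            continue
        if values.get("installed") == "...by Begbie" or values.get("cachebox outfit") == "yes":
            findings.append(("marker-subkey", sub))
            # "Install Item" names the Run value, so follow it to the startup command.
            item = values.get("install item")
            run_cmd = keys.get(RUN, {}).get(str(item).lower()) if item else None
            if run_cmd:
                findings.append(("run-entry", f"{item} -> {run_cmd}"))
    dir99 = keys.get(KAZAA, {}).get("dir99")
    if isinstance(dir99, str) and dir99.startswith("012345:"):
        findings.append(("kazaa-share", dir99))
    return findings


if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_EXPORT):
        print(f"{kind:18} {detail}")
```

Because the worm disables the registry editor on a running system, the export is best taken from an offline copy of the hives or a trusted boot environment.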

  2. #2


    RoadRunner Guest

    Re: WARNING !!!

    Microsoft never send alerts with emails





  3. #3


    Will Guest

    Re: WARNING !!!

    More information

    The running worm checks whether a registry database editor is running. If
    so, the worm displays an error message and disables the editor.
    Periodically, a "MAPI32 Exception Error" window is displayed. The window
    demands input of the mail account parameters - SMTP and POP3 server address,
    account name and password, user's nickname. This is the MAPI32 Exception
    Error window:

    The worm sends itself to the mail addresses found on the infected computer.
    The message parameters ("From:", "Subject:", message body, attachment name)
    are variable. The worm masks itself as a security patch from Microsoft or as
    a returned undeliverable message. Only the attachment size is always the
    same. The worm can use a specially crafted MIME header that, on MS Outlook
    Express versions with the MS01-020 bug, enables it to be run automatically
    when the message is read.

    The worm copies itself to the Startup folders on the shared disks. The worm
    searches for the folder with an IRC client on the infected computer and
    changes the file script.ini so the IRC client sends copies of the worm to
    the users in the same IRC channel.

    If the Kazaa system is installed on the infected computer, the worm creates
    a randomly named folder in the %TEMP% folder (%TEMP% is a system variable
    containing the name of the folder for storing temporary files) and creates
    there multiple copies of itself with different names. It shares the folder.




  4. #4


    Frank Guest

    Re: WARNING !!!

    Will wrote:
    > More information


    <----------------snip-------------->

    Microsoft never sends security alerts with emails.
    Never.
    Frank


  5. #5


    Alexander Suhovey Guest

    Re: WARNING !!!

    "Frank" <fb@nospamm.cmm> wrote in message
    news:%23X6q48H$GHA.1128@TK2MSFTNGP05.phx.gbl...
    > Will wrote:
    >> More information

    >
    > <----------------snip-------------->
    >
    > Microsoft never sends security alerts with emails.
    > Never.
    > Frank


    Well, the important missing part is "unsolicited". Because MS has all kinds
    of notification options including MSN/Live Alerts (including e-mail option),
    e-mail notifications and RSS feeds. You just have to subscribe to get them.

    --
    Alexander Suhovey



  6. #6


    Jupiter Jones [MVP] Guest

    Re: WARNING !!!

    The Swen attachment on a Microsoft Email is a very old fraud, several years.
    Microsoft NEVER sends Emails with attachments unsolicited.

    --
    Jupiter Jones [MVP]
    http://www3.telus.net/dandemar
    http://www.dts-l.org





  7. #7


    Mark Gillespie Guest

    Re: WARNING !!!

    On Mon, 30 Oct 2006 22:34:07 -0000, Will <imagine_44@yahoo.com> wrote:

    > I just got an Email. It looked identical to an Email from Microsoft. It
    > claims to be about a network security patch. There is no need to click on
    > anything; it infects your computer as soon as you receive it. Below are
    > the details:
    >
    > Win32:Swen


    If you managed to get SWEN by simply viewing the message, then your system
    is SERIOUSLY out of date, as this was patched well over a year back, if
    not longer, pre-SP2 in fact...

    Once you get this thing off your system, get SP2 on it ASAP, along with
    the latest updates from Windows Update...

    Additionally, you might want to pick an inherently secure
    browser/email/newsgroup reader: http://www.opera.com


  8. #8


    Chad Harris Guest

    Re: Get it Straight! MSFT Has Sent "Alerts"/Multiple Ways With Emails for Years!!!!

    Let's clear this up. MSFT does not send attachments as Jones says and MSFT
    does not send patches/hotfixes that you directly click, never has and never
    will ***unless you have contacted them for niche hot fixes. There are
    hundreds of MSKBS for this practice* and after screening your need for the
    niche hotfix mentioned in the MSKB at http://support.microsoft.com , (those
    say "contact us") they will send you a niche hotfix for a particular
    problem, always phrased in the KB with the caveat that they are
    non-regression tested and they have a standard spiel they usually read on
    the phone to warn you of this once again. They may or may not fix the
    problem. It's software and they haven't been through the full panoply of
    usual testing. These are then sent to your inbox as self-extracting zip
    files with passwords.

    MSFT will often send security alerts days to two weeks before their monthly
    notifications in these bulletins delivered by a variety of means as Technet
    says.

    http://www.microsoft.com/technet/sec...in/notify.mspx

    Security Bulletin Search Webpage:
    http://www.microsoft.com/technet/security/current.aspx

    MSFT sends every one of these alerts using MSRC PGP digital signatures as
    outlined here:

    https://www.microsoft.com/technet/se...letin/pgp.mspx

    A quote on PGP Signatures Used from MSFT:

    "Verifying Our Digital Signature
    Pretty Good Privacy (PGP) is an Internet standard for digitally signing and
    encrypting e-mail and other documents. The Microsoft Security Response
    Center (MSRC) uses PGP to digitally sign all security notifications.
    However, it is not required to read security notifications, read security
    bulletins, or install security updates. You can obtain the MSRC public PGP
    key at the MSRC PGP Web page. Numerous third-party vendors produce
    PGP-compatible applications for a variety of platforms, but Microsoft cannot
    recommend the right solution for your environment."

    Microsoft Technical Security Notifications
    October 11, 2005

    http://www.microsoft.com/technet/sec...y.mspx?pf=true

    Better protect your computing environment by keeping up to date on Microsoft
    technical security notifications. Notifications are available in RSS,
    instant message, mobile device, or e-mail format, and are always available
    online at TechNet on the Security Bulletin Search Web page.

    For Home and Consumers
    Learn about newly released and re-released security bulletins. Select from
    the following alerts:

    E-mail: Security Newsletter for Home Users
    Really Simple Syndication: Security At Home
    Instant Messenger Alert: Security Update Summary Alerts
    Web Site: New Security Information

    Most viruses, trojans, and blended threats disguised as MSFT do not infect
    you on just opening the email, but I'm sure some could. MSFT is usually
    quick to publish them and while the particular virus has been used before in
    a hoax, Will should post the entire header and send it to MSFT.

    The information could be screen shot and copy pasted and sent to MSFT via
    this link:
    http://go.microsoft.com/?linkid=2028460

    Very wrongly phrased. For years and years MSFT has always sent alerts again
    alerts again alerts RR Welcome to Technet and MSFT for years. They have if
    anything beefed up the number of ways to get them.

    Security Bulletins are here:
    http://www.microsoft.com/technet/security/current.aspx

    CH


    "RoadRunner" <watda****@hotmail.com> wrote in message
    news:e0eFtRH$GHA.4428@TK2MSFTNGP04.phx.gbl...
    > Microsoft never send alerts with emails




  9. #9


    Chad Harris Guest

    Re: WRONG! Get it Straight! MSFT Has Sent "Alerts"/Multiple Ways With Emails


    "Frank" <fb@nospamm.cmm> wrote in message
    news:%23X6q48H$GHA.1128@TK2MSFTNGP05.phx.gbl...
    > Will wrote:
    >> More information

    >
    > <----------------snip-------------->
    >
    > Microsoft never sends security alerts with emails.
    > Never.
    > Frank




  10. #10


    Chad Harris Guest

    Re: WARNING !!! Entirely Wrong. Update Hotfixes.

    Get it Straight! MSFT Has Sent "Alerts"/Multiple Ways With Emails for
    Years


    "Frank" <fb@nospamm.cmm> wrote in message
    news:%23X6q48H$GHA.1128@TK2MSFTNGP05.phx.gbl...
    > Will wrote:
    >> More information

    >
    > <----------------snip-------------->
    >
    > Microsoft never sends security alerts with emails.
    > Never.
    > Frank



