Re: virus patch for VPC


From: Fredrik Wahlgren (fredrik.p.wahlgren_at_mailbox.swipnet.se)
Date: 12/06/04


Date: Mon, 6 Dec 2004 02:56:09 +0100


"Nariman Riahi" <nriahi@yahoo.com> wrote in message
news:BDD89D06.295A%nriahi@yahoo.com...
> On 12/5/04 10:51 AM, in article
> fe22271.0412051051.7748c889@posting.google.com, "Brenda"
> <brendaeuwer@earthlink.net> wrote:
>
> > "Fredrik Wahlgren" <fredrik.p.wahlgren@mailbox.swipnet.se> wrote in message
> > news:<eJ5GrVg2EHA.1400@TK2MSFTNGP11.phx.gbl>...
> >> "Bob Harris" <plasticnitlion@wrappermindspring.com> wrote in message
> >> news:BDD716B6.44EBA%plasticnitlion@wrappermindspring.com...
> >>> Bill Leeper wrote:
> >>>> Bob Harris wrote:
> >>>>> Brenda wrote:
> >>>>>
> >>>>>>> I installed a virus protector in my VPC. I installed the AVG 6.0
> >>>>>>> (free edition)
> >>>>>>> I keep getting this MS security patch (in my e-mail)
> >>>>>>> and they recommend to install this patch for security. Does this
> >>>>>>> patch work with the AVG 6.0
> >>>>>>> or is it separate? Should I install this patch?
> >>>>>
> >>>>> and Fredrik Wahlgren replied:
> >>>>>
> >>>>>> Don't EVER run any kind of "security patch" that comes with email. If you
> >>>>>> run the attachment, you will get a virus or some other kind of malware on
> >>>>>> your computer. The only way to get real patches from MS is to point your
> >>>>>> browser at: http://v4.windowsupdate.microsoft.com/en/default.asp
> >>>>>
> >>>>>
> >>>>> While I believe what you are saying, Fredrik, is there really any reason for
> >>>>> Brenda to trust what you're telling her more than what that zombie-sent
> >>>>> e-mail is telling her? How does she know that URL is valid?
> >>>>>
> >>>>> Bob H
> >>>>
> >>>> If one is going to err in this matter then they should err on the side
> >>>> of caution. Which would mean giving more credence to someone advocating
> >>>> not to install the patch. And he is right, MS does not email patches to
> >>>> people.
> >>>
> >>> Is it really that clear which side is the cautious one? Arnold says "You
> >>> need to install this lock, otherwise someone can break into your house".
> >>> Beth says "Don't install his lock, he has a pass key". To "err on the side
> >>> of caution", who do you trust?
> >>>
> >>> Understand, I'm not advocating that Brenda should install the e-mailed
> >>> patch. I'm convinced it's a spoof. The point is that Brenda has to be
> >>> smart enough to understand whether she should trust that e-mail or trust
> >>> advice from Fredrik.
> >>>
> >>> Fredrik also wrote:
> >>>> There is [a way to verify the URL is valid]. After you click on the link, make
> >>>> sure the text in the browser is the same as on the link.
> >>>
> >>> Suppose the URL were to
> >>> http://V4.WINDOWSUPDATE.MICR0SOFT.COM/EN/DEFAULT.ASP
> >>> Does that look like a valid URL? Depending on the font your browser uses to
> >>> display the URL, you may or may not notice the first oh in MICR0SOFT is
> >>> really a zero. And that's a different place on the web than the genuine
> >>> microsoft, right?
> >>>
> >>> Bob H
> >>>
> >>
> >> -Bob,
> >> you're right. I admit that a link may look valid and that when you click on
> >> it, the browser will point at that link and yet you end up somewhere else
> >> than on microsoft's site. I have to admit that submitting a link to a ng
> >> could be used as a way to trick people to download some malware to a few
> >> computers. I have clicked on some of the URL's that were sent in order to
> >> make people enter their credit card numbers or similar. In most - if not
> >> all - of these cases, I could clearly see that I had come to sites which
> >> were clearly different from what the sender wanted the recipients to believe.
> >>
> >> / Fredrik
> > Hi Again,
> >
> > Ok, this is what I get often-
> > From: "MS Corporation Network Security
> > Section",bszvsucip@confidence.ms.com>
> > It says attachment (s) deleted due to virus:
> > 1. installer63.exe: W32 SwenA@mm
> >
> > Then I get another e-mail marked as junk that says
> > file attachment: hvzqebv.exe
> > The file attached to this e-mail was removed because it is infected
> > with the W32 Swen.A@mm virus.
> >
> > Are these fakes?
> > They do not send e-mails to people to tell them viruses have been
> > removed? right?
> >
> > Thank you
> > Brenda
> NOOOOOOOOOOOOOOOO. They DO NOT.
> You should never trust any email that talks about virus protection or
> deletion.
> Your Virus protection software will not send you email. It will alert you on
> your desktop with a warning dialog. Microsoft will never send you an email
> about a virus. Rule of thumb is if you do not recognize the email address
> (and I have to say this email address is very much like a junk address
> bszvsucip@confidence.ms.com) then delete it right away. If you want to know
> if your computer needs a Microsoft security patch go to
> windowsupdate.microsoft.com. It will tell you.
> Nariman
>

Microsoft can send you emails about malware. There's the TechNet
newsletter, that you can subscribe to. You have to register in order to get
it. Nevertheless, I agree with your statement that one should be careful
with email that talks about virus protection as they can be faked.

I'm not sure who "they" refers to in Brenda's response. This part should
come from the email supplier. One thing that you should be careful about is
when there's a line at the end claiming that the attachment has been scanned
for viruses. The idea is to make the recipient think that the sender's email
software has verified that there's no virus and that it is safe to run. Good
email software should of course do this - and remove it - but as a
recipient you need to be careful. If you don't know or don't trust the
sender, delete it.

Still, this is not enough. Do you remember the loveletter virus? Once it had
infected a computer, it distributed itself to everyone in the outlook
contacts list and those that you may have visited in any IRC channel. The
evildoer that created it didn't elaborate much as to why you should open it.
It's a love letter! It was probably the best example of social engineering
ever. People would open it even if it came from someone they knew well but
knew they would never receive a loveletter from. Maybe they assumed it was
meant for someone else but sent to them by mistake. The attachment was
named something similar to loveletter.txt.vbs. Most people would only see
the txt extension and assume it was safe to open. In reality, it was a vbs
script file.

If you want to disable scripting, this is what you need to do:

Windows 2000/Me/XP/2003
WSH (Windows Scripting Host) is installed by default.

To prevent scripts with a .VBS extension from being run:

  1. Log on as an Administrator.
  2. On the 'Desktop', or in 'Windows Explorer', right-click on 'My Computer'.
  3. Select 'Open' from the menu.
  4. In the 'My Computer' window, open the 'Tools' menu and select 'Folder Options'.
  5. Open the 'File Types' tabbed page.
  6. Look for 'VBScript Script File' in the list of file types (if you can't find it, you don't need to do anything else).
  7. Click on the 'Delete' button.
  8. If you see a dialog asking you to confirm removal, click 'Yes'.
/ Fredrik
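
An added example, not part of the original post: a Python sketch of the two checks this thread turns on, flagging attachment names like loveletter.txt.vbs whose real (last) extension is a script or executable, and comparing a link's host against a trusted domain after undoing digit-for-letter swaps such as MICR0SOFT. The extension lists, the trusted-domain set and the confusables table are assumptions chosen for illustration.

```python
import os
from urllib.parse import urlsplit

# Assumed policy lists for this sketch; a real mail filter would use fuller ones.
RISKY_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
             ".exe", ".scr", ".pif", ".bat", ".cmd", ".com"}
DECOY_EXT = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".htm", ".html"}
TRUSTED_DOMAINS = {"microsoft.com"}
# Digits commonly substituted for look-alike letters (assumed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in RISKY_EXT:
        return "ok"
    # Only the last extension decides what runs; an earlier one is a decoy.
    _, previous = os.path.splitext(stem)
    return "double-extension" if previous in DECOY_EXT else "executable"

def registered_domain(host):
    """Naive last-two-labels domain; sufficient for the .com hosts used here."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_url(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's host."""
    host = urlsplit(url).hostname or ""
    domain = registered_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if domain.translate(CONFUSABLES) in TRUSTED_DOMAINS:
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Names and URLs taken from the thread, plus constructed samples.
    for name in ("loveletter.txt.vbs", "installer63.exe", "notes.txt"):
        print(name, "->", classify_attachment(name))
    for url in ("http://v4.windowsupdate.microsoft.com/en/default.asp",
                "http://V4.WINDOWSUPDATE.MICR0SOFT.COM/EN/DEFAULT.ASP",
                "http://microsoft.com.example.net/"):
        print(url, "->", classify_url(url))
```

The check reads the host the way the resolver does, from the right, so a trusted name used as a left-hand label (microsoft.com.example.net) is not treated as trusted.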

