Anyone else see this supposed "security" e-mail?

[RealityChuck]

One of our users got the following e-mail today:

Dear ladies and gentlemen,
As discovered recently, the microsoft windows software
is still not protected against attacks from the internet.
For preventing any damage to your own system, your own
software and for shielding it against any unauthorized
attacks from the internet, we advice you to install the
new “Microsoft Baseline Security Analyzer”.
Please follow the attached instructions for downloading
and setting up of the “Microsoft Baseline Security Analyzer”.
Or click the following link:

I didn’t include the link. It goes to a web page that immediately tries to download software onto your computer.

There is a “Microsoft Baseline Security Analyzer,” but I can’t think of any legitimate reason why a third-party site would be contacting you, and making you download it from their site and not Microsoft’s.

A search through Google and Symantec didn’t help. It’s obviously fishy, but does anyone know what it is?

[zev_steinhardt]

I got it too, but disregarded it.

When Microsoft has any updates, you should go to www.windowsupdate.com for authorized patches.

Zev Steinhardt

[Number]

This sounds similar to a scam that Snopes posted last week.

[RealityChuck]

Bingo! A search for the website name shows it come from Aconti.net, which is listed as spyware by both AdAware and Spybot.

Zev – I ignored it, too, but we have a lot of users who may not, and then I have to clean up after them.

[gotpasswords]

The standing rule: Microsoft does not send out emails to users advising them to make any updates unless the user has subscribed to the Microsoft Security Notification Service.

These alerts are exceedingly technical in nature, and while they’re obtuse, the grammar and spelling is perfect. (No “we advice you to install” goofs!) They’re also sent out with a PGP signature. Here’s just a tiny sample from a recent alert:

*Summary
Who should read this bulletin: Systems administrators running Microsoft ® Windows ® 2000
Impact of vulnerability: Run code of attacker’s choice
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the patch immediately
Affected Software: Microsoft Windows 2000

Technical details

Technical description:
Microsoft Windows 2000 supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. WebDAV, defined in RFC 2518, is a set of extensions to the Hyper Text Transfer Protocol (HTTP) that provide a standard for editing and file management between computers on the Internet. A security vulnerability is present in a Windows component used by WebDAV, and results because the component contains an unchecked buffer.

yada, yada, yada…
*