I keep getting an email from “support@microsoft.com” with something like “Cool Screensaver” in the subject line and then nothing in the email - just an attachment, which is a “.att” file. I didn’t open the file, because the whole email looked a little weird.
If it is a virus, I’m pretty sure that it’s not actually coming from Microsoft, must be just going through its servers…
Any ideas as to what this might be ?
I am not an expert in these things but I am pretty sure that the mere fact that email appears on the surface to have come from support@microsoft.com means little. “Spoofing” email addresses (ie hiding the real sender and making it appear to come from someone else) is commonplace.
My tip is enter the whole name of the attachment into Google, and you will have your answer as to what this really is.
Unfortunatly I have deleted it, but since it came 3 time in the last 24 hours, I’m sure it will come again.
Thanks - I’ll try it when it does…
see
http://vil.mcafee.com/dispVirus.asp?virus_k=100307
amongst others
Sounds like your ISP or some AV software on your system may have filtered out the virus attachment - I got the same message today and my AV says it removed something called Screen_temp.pif. The ‘from’ header is indeed spoofed in an attempt to add an air of reputability to the message.
It is not even going through Microsoft’s servers. Faking a sender address is simplicity itself.
www.snopes.com has a section on current virus problems.
email is much like normail mail in this respect. If you get a paper envelope that says that it’s from Microsoft you can’t really be certain that it is from Microsoft. Anyone can send out mail making it look like it came from someone else.
I get those support @ microsoft ones a lot. Norton strips the attachments, though, so I’m not sure what junk is being sent to me, but I’ve always assumed it decidedly wasn’t Microsoft.
Thanks all - yeah we seem to have got it licked…
This is my work email (working for a large multinational) and they have pretty much got “the shit” when it comes to firewalls & PSNs. Nothing ever gets through, that’s why it had me wondering…
Thanks again…
Steven_G nailed it. This has been a very active worm lately. I only wanted to add that Microsoft never sends updates, patches, or anything else via email. If they want you to have something, they’ll link to their website. Because everyone understands the insecurity of email with regard to spoofing, this is true of pretty much anyone distributing software.
Just as an aside, how do you spoof an email address ?
Depends on your ISP. If they aren’t too stiff necked about things, you just change the address in your e-mail program. They’ll still know it was you, but a casual reader won’t.
The ISP I use lets you have access to an SMTP relay (for a couple of bucks extra a month.) I can send email with any “from” address I want. There is still a tag in the e-mail header that says what user it actually came from, however.
If I wanted to, I could rig a mail system (sendmail) on my PC, and use it to deliver the mail directly instead of going through my ISP’s servers. That wouldn’t have anything in it that I didn’t want you to know. If I all I did was allow sendmail to deliver directly but didn’t change anything else, right now you’d get mail with any “from” address I wanted, and a tag that it came from the server “Mortimer.Furd.” Which wouldn’t be real useful, since that is a private network and thus needn’t be registered anywhere.
Thanks Mort. Much obliged…
Virus from Microsoft, you say?
It’s been around for around 20 years. It’s called Windows. 
** Airman ** - that reminds me of the joke about Bill Gates in hell…
A hahhaahahahahaaaa
:D:D:D:D:D:D