I just received an e-mail message that purported to be from the "Microsoft Corporation Security Center" with the following contained in the introduction and first paragraph:

Microsoft Customer,

This is the latest version of security update, the known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.

What's so scary is the file attached to the email (Q216309.exe) is actually a virus - known as W32.Gibe@mm.

More importantly, this virus is going to infect a lot of people, because it goes to such great lengths to appear convincing and legitimate.

For starters, this particular email references Microsoft's Security Bulletin MS02-005 - which is a legitimate bulletin.

Further a hyper-link to the Security Bulletin (contained in a subsequent paragraph within the email) does actually link to the real Microsoft Security page.

On top of this, Microsoft does offer a security patch, and even uses the same "qxxxxx.exe" naming format for such security updates - the real patch is Q316059.exe.

All in all, this is one very convincing invitation for self-infection!

And, that's the scary part.

Countless recipients will receive this file, visit the Microsoft site, verify the legitimacy of the security flaws and then confidently execute the attached virus, rather than downloading the real Microsoft patch.

Once infected, the virus will read both Outlook and Outlook Express address books (among other files) and send copies of itself to the addresses it finds - thus, continuing the cycle of infection.

If you receive such an e-mail, simply delete the message.

Published: March 12, 2002

Use of this article without permission is a violation of federal copyright laws.