Bogus e-mail prompts virus warning
March 9, 2002
It looks like a helpful Microsoft Corp. security bulletin, but an e-mail that says it will protect a computer from viruses actually carries a virus itself, Microsoft officials warned Friday.
The bogus e-mail, called "Internet Security Update," reads much like a typical Microsoft security bulletin and even makes reference to a legitimate security update released several weeks ago.
But the e-mail, which began circulating worldwide earlier this week, also encourages users to run an attachment, named "q216309.exe."
Instead of patching security vulnerabilities, experts say the attachment will access a user's Microsoft Outlook e-mail address book and send itself to all the contacts.
The malicious program also leaves a virtual door open to further hacker attacks on the computer.
April Goostree, virus research manager with McAfee.com, said the e-mail is more annoying than serious, since most users appear to have realized it's a hoax.
"We've really just got minimal reports coming in," she said.
Scott Culp, head of Microsoft's security response center, said the company has seen several such bogus security updates in the past few years, but none so far have caused serious problems.
Users should be concerned about any e-mails purporting to be from Microsoft that don't direct a person to the company's Web site for downloads, Culp said, since Microsoft never sends e-mails with executable, or ".exe," attachments.
Microsoft also always "digitally signs" its security updates, Culp said, meaning it marks them with a sort of digital thumbprint that verifies they are from Microsoft.
A guide to checking the company's digital signature or generally assessing whether an e-mail is from a bogus source is available on the company's security Web site, Culp said.
Copyright © 1999-2002 by MediaNews Group, Inc. and ANG Newspapers