Several readers have alerted us to a fake Microsoft email circulating with a malicious attachment. If you are blocking executables at your email servers, there should not be a problem. The email looks like this, but might vary a bit: Subject: Security Update for OS Microsoft Windows 31Q8WAOREI4H0A7OF4UDTOG8HAXPAZ ZSDHKKLZ099I6Y03BO91DGUTQMMFT0 EJ4UN52NIIB4VF78224S7BCNFH3NP9 I2YU34EL9XJQGS7C5GMDU4FJUIC3M3 -----END PGP SIGNATURE----- Notice the legitimate signature block and PGP signature. Sorry, Steve, I guess you are a popular guy!
Marcus H. Sachs Director, SANS Internet Storm Center |
Marcus 301 Posts ISC Handler Oct 10th 2008 |
Thread locked Subscribe |
Oct 10th 2008 1 decade ago |
Is the PGP signature valid. Would this not mean that Mr. Lipner's PGP private keys were compromised?
|
Anonymous |
Quote |
Oct 10th 2008 1 decade ago |
The signature is invalid, and essentially is just ASCII nonsense. You may notice that there is no PGP BEGIN block. As a result, no e-mail client will attempt to verify the signature.
|
Maarten 158 Posts |
Quote |
Oct 14th 2008 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!