geekroom

Here‘s professional information about the Dumaru virus, including a removal tool. Below are some questions:

Why does ‘Microsoft’ have my email address? Has ‘Microsoft’ ever sent out a patch by email? Would they do this by spamming? If they did spam to get people to patch, why would they send the patch as an attachment to an email, which EVERYONE knows is easy to forge? Maybe they would have some sophisticated technology which would allow them to point users to a website such as http://windowsupdate.microsoft.com? I’ve been hearing a lot of buzz lately about something called a ‘URL’; maybe that could be used for this purpose.

Why are they using exclamation points after the subject and every sentence? Why would they start the message “Dear Friend”? Isn’t that what spammers do? Wouldn’t Microsoft want a more corporate voice?

Why do they have the incompetent punctuation habit of putting a space between a word and the mark which follows it? Why would they write 500,000 with a dot instead of a comma? They’re an American company, right?

Why is the “patch” named “patch.exe”? Wouldn’t you expect that perhaps Microsoft has issued more than one patch for their many products over the years? Maybe they would want to give them names which might distinguish them from one another? And why haven’t they bothered saying which vulnerability the patch is for?

Why did this message enter Harvard’s mail system from someone’s infected home machine in Virginia? Isn’t Microsoft out west? And don’t they own their own computers?

Received: from localhost (h24-82-236-138.va.shawcable.net [24.82.236.138])
	by netopc.harvard.edu (8.11.6/8.11.6) with SMTP id h7NKBPU13613
	for ; Sat, 23 Aug 2003 16:11:25 -0400

Date: Sat, 23 Aug 2003 16:11:25 -0400
From: 'Microsoft' 
Subject: Use this patch immediately !

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

Content-Disposition: attachment; filename=patch.exe