Just received the following purporting to be from ntlworld. Any truth in this?

Dear Customer,
Microsoft have contacted us to tell us about a weakness in their Messenger application, which they supply with Windows 2000 and Windows XP operating systems.

If you are using either of these systems your PC could be vulnerable to a computer virus attack and we thought we should make you aware of Microsoftâ₠¬â„¢s warning.

Donââ‚Âà ‚¬ÃƒÂ¢Ã¢â‚¬Å¾Ã‚¢t worry though, it is easy to fix!

Microsoft have issued a free update to Windows 2000 and Windows XP and below are simple instructions on how to obtain this upgrade and install it on your PC.

We hope you find this email helpful and thank you for being an NTL Internet customer.

Kindest regards

ntl:home Internet Security
Windows 98, Windows ME and Macintosh users are unaffected by this security risk, and do NOT need to download any additional security patches or updates.

Customers should take the following steps to ensure that they are not impacted by any future virus attack exploiting this weakness by taking the following steps:-

1. Update your machine with the appropriate software update (patch) for your operating system.
The links for the various operating systems are listed below. Just click on the link for your operating system, and this will take you directly to the Microsoft Site

The software updates (patches) for the specific
versions are as follows:- If you are unsure of which Windows
operating system you are using, simply:
1. Click Start, and then click Run.

2. In the box, type winver, and then click OK.

The window that appears will show you which version of Windows your computer is using.

Windows XP (Home or Pro): Click here

Windows 2000: Click here

2. Ensure that a Firewall is in place to prevent unauthorised
access to your machine.
If you do not have Firewall Software a free version is available from
www.zonealarm.com/ntl

3. Do not open email attachments from anyone that you do not recognise or trust.

4. Regularly visit www.windowsupdate.com and check for new updates.
It is strongly recommended that you update your computer with any security updates suggested here.
There have been a number of Security Alerts recently, Microsoft have launched a new site to ensure that customers using Microsoft products are kept up to date. Microsoft recommends that customers visit this site regularly to keep up to date. If you have any questions about this please use the †œContact usâ₠¬Ãƒâ€šÃ‚Â� link on the site below.

http://www.microsoft.com/security/
For easy reference, Microsoft, have given this a number which is MS03-043. Further information can be found at:-
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-043.asp
© ntl Group Ltd 2003 | Privacy policy | Terms of use | Contact us | Feedback | Affiliate scheme

<edit> Yep, would appear to be genuine - just looked suspiciously like that Microsoft one which went around.

If you look on the ntlworld home page there is some info on there about it

<snip>

Very true, No hoax just a bit late lol !!!

If it appears on the microsoft/security website then it should be legit .. Never install a patch sent to you by Micro$oft as they DO not send out patches in emails only connect to their site ie. http://www.microsoft.com/security

It is only the 4.5 & 4.6 versions of msn that are affected (according to symantec's report). these were older types, usually shipped in with the xp and 2000 versions of windows and so by updating them you would be safe. But anyone who is worried they recommend you update your virus checker to fall stall any problems and also windows update as well. But these glitches were detected a few weeks ago so if you altermatically upgrade you should be covered.

Like many other customers, I reported this email to ntl and was amazed to hear from them that they sent it.

The email says †œJust click on the link for your operating system, and this will take you directly to the Microsoft Siteâ₠¬Ã‚Â�. This is not true. The links take you to microsoft's site via an invisible redirect through http://emarketing.eqtr.com/email_tracker/ (http://emarketing.eqtr.com/email_tracker/). We can only speculate about what ntl are up to. Security threats constitute the biggest obstacle to the future development of the internet.

When your Internet Service Provider becomes a security threat itself by sending out these cynical data-mining emails, it's probably time to switch to a new ISP.


Most experienced computer users know that they should never attempt to download a security patch for Windows or Microsoft Messenger via a link received from an unsolicited email - however "authentic" that email may look.


I sent the following report to Microsoft.com together with a copy of the email:


I would like to draw your attention to the misuse of your company website address by my Internet Service Provider - UK based ntl Group Limited(http://www.ntlworld.com).


As a customer of their dial-up service I have received an email warning me of a security flaw in Microsoft Messenger and containing a spoofed Microsoft link to http://emarketing.eqtr.com.


I assumed at first that this was a cleverly composed data-mining scam email produced by parties unrelated to ntl. Having emailed ntl, I was astonished to be told "We have received a number of emails from customers regarding emails warning of a new vulnerability in the Microsoft Messenger Service. This is a genuine email from ntlworld." A visit to emarketing.eqtr.com also reveals co-operation between the two companies.


Regardless of their dishonest marketing behavior, you will no doubt appreciate that a major and supposedly reputable internet service provider are undermining internet security by urging their customers to download security fixes via emails. I understand that Microsoft explicitly advise against this.


I trust that you will take this matter seriously and request that ntl Group Limited desist from this practice in future.

<snip>

I think you have made the right approach, however I would have been happier if you had emailed NTLhome first with the request to stop sending out security alerts in this manner. Then emailed Microsoft.
Now yes I guess I am splitting hairs here, but some of you will remember my feelings about a certain NTL advertisement and the poeple that were just trying to cause NTL problems.
However I do appreciate your concerns and think the decision you have made is the right one. :)

ms do send some patches out by email but only if you phone them asking for it and if you have certain software ..oh it all gets complicated.

seems like a good email from ntl to educate people..

gg

Ntl don't need me to tell them this. They know it is not acceptable. Just as they knew their links did not lead "directly to the Microsoft Site". I don't think my telling them would make any difference. They might listen to Microsoft though.

SOSAGES: Patches, fixes and software by email is fine - provided you ask for them. Not when they arrive unsolicited. If you get one from Microsoft, you know it's a scam - because they won't send them.

Ntl educating people? In how to pick up viruses, trojans or pass your email address to the spammers.

I assume they're trying to get around the privacy agreement, by tricking us into forwarding our emails addresses to the Equator email marketing company ourselves.

Just out of interest, has anyone sent a copy of this to The Register? I think El Reg might like to mention this on their pages...

Slightly off tangent to the original thread but, my mate called me an hour ago with a problem; he runs ME and had a pop up telling him his copy of windows was no longer valid and that he needed to provide his credit card details to continue using windows! He smelt a rat straight away, but could not shut this box down. He restarted windows and immediately ran into a whole stack of problems; task manager told him he was running a load of programmes (probably spy or adware) that he did not recognise. I am going over to his place at the weekend to install XP and another HDD, so maybe we can sort it all out.

But does anyone know if M$ are actually chasing down users of unlicensed copies of its OS? (I am not sure of the origins of his ME, but his XP will be Pukka!)

Was this box one of the problems that M$ are trying to stop with the demise of Windows messenger (I have got that bit right have I?)

Slightly off tangent to the original thread but, my mate called me an hour ago with a problem; he runs ME and had a pop up telling him his copy of windows was no longer valid and that he needed to provide his credit card details to continue using windows! He smelt a rat straight away, but could not shut this box down. He restarted windows and immediately ran into a whole stack of problems; task manager told him he was running a load of programmes (probably spy or adware) that he did not recognise. I am going over to his place at the weekend to install XP and another HDD, so maybe we can sort it all out.

But does anyone know if M$ are actually chasing down users of unlicensed copies of its OS? (I am not sure of the origins of his ME, but his XP will be Pukka!)

Was this box one of the problems that M$ are trying to stop with the demise of Windows messenger (I have got that bit right have I?)

I smell a rat and a bug and a spider and a bot too.
ME is due to go unsupported soon so I very much doubt if Mr Bill gates is chasing anyone fer anything in regards to ME.

Incog.