SBC Bad Practice

On May 1, 2004 we received the follow email from SBC Internet Services. Unfortunately, SBC Internet Services is sending out emails to their customers with embedded HTML, telling them to "click on this link" to follow a URL to Microsoft. As near as we can tell, this is a valid email with a valid link.

Unfortunately, in view of the threats attacking the typical computer user, the day is gone when an ISP (or any trusted source) can send out HTML email and safely request the user to "click on this link".

The problem facing the end user is the one of the "phishing attack". Without special training or careful attention, the end user will ultimately fall victim to a perpetrator who sends a cleverly worded email that directs their web page to a hostile definition. Like the old "bank examiner's scam", the victim is a victim of trust - and in this case, SBC Internet Services is betraying that trust by training the end user to follow HTML email to an unknown destination. As discussed in the "phishing attack" link, any URL can be hidden by HTML. It is NOT good enough to direct the user to call an 800, 877, or 888 phone number for assistance - after all, how does the end user know who is on the other end of the 877 number? And why should they call if all the information needed is in the cleverly worded email?

All we can do is hope that ISPs and other trusted sources will see the error of their ways and not train their customers to be victims.

------------------------------------------------------------------------------------------------------------------------X-Apparently-To: billkennon@sbcglobal.net via web80403.mail.yahoo.com; Sat, 01 May 2004 02:30:41 -0700
Return-Path: <bulkmailer.ait@prodigy.net>
Received: from vmi-ext.prodigy.net (EHLO vmi.prodigy.net) (207.115.63.96)
by mta816.mail.yahoo.com with SMTP; Sat, 01 May 2004 02:30:40 -0700
X-Originating-IP: [207.115.63.76]
Received: from agent1-int.prodigy.net (agent1-ext.prodigy.net [207.115.63.76])
by vmi.prodigy.net (8.12.10/8.12.10) with ESMTP id i419UJ2Q214516;
Sat, 1 May 2004 05:30:21 -0400
Received: from smtp.com (bulkmail-int.prodigy.net [207.115.4.187])
by agent1-int.prodigy.net (8.8.5/8.8.5) with SMTP id FAA74990;
Sat, 1 May 2004 05:30:18 -0400
Message-Id: <200405010930.FAA74990@agent1-int.prodigy.net>
Date: Sat, 01 May 2004 01:00:48 -0400
From: "SBC Internet Services " <bulkmailer@prodigy.net>
Subject: Worm Threat: Immediate Action Required
To: "SBC Internet Services Members" <members@sbcglobal.net>
Precedence: list
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C126FC.0B7F7100"
Mime-Version: 1.0
X-Bulkmail: 2.05

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C126FC.0B7F7100
Content-Type: text/plain;
charset="iso-8859-1"

Dear SBC Internet Services Member:

It is extremely important that you read this message
and take immediate action if you are using
Windows NT, 2000 or XP.

A computer worm referred to as Gaobot, is currently
infecting computers across the Internet. In response,
we strongly urge you to take the following
security measures:

1) Use a personal software or hardware firewall to protect
your computers from network worms and intruders.
2) Download and install all available critical patches for
your Windows operating system from the Microsoft web
site: http://windowsupdate.microsoft.com/
3) Use up-to-date anti-virus software to detect and remove
Gaobot or other computer worms and viruses.

If you have more than one computer using these specific
Windows operating systems, you should perform these actions
on all such computers that connect to the Internet. Failure
to take appropriate action could result in infection of
your system and spread of this problem - and could lead to
suspension of your account.

SBC Yahoo! members can access additional information about
SBC Yahoo! security features, including free anti-virus and
personal firewall at help.sbcglobal.net
Further information is available at www.microsoft.com/security/protect

If you have questions about this e-mail or need other
information, please contact SBC Internet Service
toll free at 877-722-3755.

Thank you,

SBC Internet Services

(c) 2004 SBC Knowledge Ventures, L.P. All Rights Reserved.

------=_NextPart_000_0007_01C126FC.0B7F7100
Content-Type: text/html;
charset="iso-8859-1"


<!DOCTYPE html public "-//W3C//Dtd HTML 4.0 Transitional//EN">
<html>
<head><title>Worm/Virus Threat: Immediate Action Required</title>
<meta name="Description" content="Network Outage Bulletin for DSL Connection Manager, 3-20-2003">
<style type="text/css">
body {BACKGROUND-COLOR: #ffffff; }
table.main {BACKGROUND-COLOR: #006699; }
table.white {BACKGROUND-COLOR: #ffffff; }
td {FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: Arial, Helvetica, sans-serif; }
.callout {
FONT-WEIGHT: bold;
FONT-SIZE: 12.2px;
COLOR: #ffffff;
line-height : 13px;
}
.small { FONT-SIZE: 9px; }
.small2 { FONT-SIZE: 7px; }
.legal {FONT-SIZE: 10px; MARGIN: 10px; COLOR: #ffffff; FONT-FAMILY: Arial, Helvetica, sans-serif; }
a.legal_link {FONT-SIZE: 10px; COLOR: #ffffff; FONT-FAMILY: Arial, Helvetica, sans-serif; font-weight: bold; }
a.legal_link:hover { text-decoration: underline; }
a.legal_link:active { color: #ffffff; }
a.legal_link:visited { color: #ffffff; }
.leadoff {FONT-WEIGHT: bold; FONT-SIZE: 13px; COLOR: #006699; }
.red { COLOR: #FF0000; }
</style>
</head>
<body><img src="http://myhome.prodigy.net/htmlemails/pixel_worm0430.gif" width="1" height="1" border="0" alt=""><br>
<table width="550" border="0" cellspacing="0" cellpadding="0" class="main">
<tr>
<td width="550">
<table width="100%" height="47" border="0" cellspacing="0" cellpadding="0" bgcolor="#006699">
<tr valign="top">
<td width="13" height="3" valign="bottom"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/7_tabupperleft.gif" alt="" width="13" height="3" border="0"></td>
<td width="180" height="3" valign="bottom"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/7_tabtop.gif" alt="" width="180" height="3" border="0"></td>
<td width="53" height="3" valign="bottom"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/7_tabupperright.gif" alt="" width="53" height="3" border="0"></td>
<td width="304" height="3" colspan="2"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/spacerBlue.gif" alt="" width="304" height="3" border="0"></td>
</tr>
<tr valign="top">
<td width="13" height="40"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/7_tableft.gif" alt="" width="13" height="40" border="0"></td>
<td width="180" height="40" bgcolor="#FFCC00"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/sbc.gif" alt="SBC" width="180" height="40" border="0"></td>
<td width="53" height="40"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/7_tabrighthome.gif" alt="" width="53" height="40" border="0"></td>
<td width="304" height="40" rowspan="2" align="left" valign="top" nowrap background="http://mailings.prodigy.net/htmlmail/generic/2.6/7_toplinkbg.gif" border="0" alt="">
<table width="290" height="40" border="0" cellspacing="0" cellpadding="0" align="left">
<tr align="left">
<td height="39" align="center" valign="middle" class="callout">
<br>Worm Threat: Immediate Action Required
</td>
</tr>
</table>
</td>
</tr>
<tr valign="bottom">
<td valign="top" width="13" height="4"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/7_tablowerleft.gif" alt="" width="13" height="4" border="0"></td>
<td valign="top" width="180" height="4"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/7_tabbottom.gif" alt="" width="180" height="4" border="0"></td>
<td valign="top" width="53" height="4"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/7_tablowerright.gif" alt="" width="53" height="4" border="0"></td>
<td valign="top" width="304" height="4"><img src="http://mailings.prodigy.net/htmlmail/generic/2.6/spacerBlue.gif" alt="" width="5" height="8" border="0"></td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center">
<table width="98%" border="0" cellspacing="0" cellpadding="5" align="center" class="white">
<tr>
<td colspan="2">
<br>
Dear SBC Internet Services Member:
<br><br>
It is extremely important that you read this message and take immediate action if you are using Windows NT, 2000 or XP.
<br><br>
A computer worm referred to as Gaobot, is currently infecting computers across the Internet. In response, we strongly urge you to take the following security measures:
<br><br>
<table width="90%" border="0" cellspacing="1" cellpadding="0" align="center">
<tr>
<td valign="top" width="20"><b>1)</b></td>
<td valign="top">Use a personal software or hardware firewall to protect your computers from network worms and intruders.</td>
</tr>
<tr>
<td valign="top" width="20"><b>2)</b></td>
<td valign="top">Download and install all available critical patches for your Windows operating system from the Microsoft web site: <a href="http://myclicks.prodigy.net/track.html?page=15106&module=2146&link=27550&cat=2744&provider=1615&url=http://windowsupdate.microsoft.com">http://windowsupdate.microsoft.com/</a></td>
</tr>
<tr>
<td valign="top" width="20"><b>3)</b></td>
<td valign="top">Use up-to-date anti-virus software to detect and remove Gaobot or other computer worms and viruses.</td>
</tr>
</table>
<br>
If you have more than one computer using these specific Windows operating systems, you should perform these actions on all such computers that connect to the Internet. Failure to take appropriate action could result in infection of your system and spread of this problem - and could lead to suspension of your account.
<br><br>
SBC Yahoo! members can access additional information about SBC Yahoo! security features, including free anti-virus and personal firewall at <a href="http://myclicks.prodigy.net/track.html?page=15106&module=2146&link=27552&cat=2744&provider=1175&url=http://help.sbcglobal.net">help.sbcglobal.net</a>. Further information is available at <a href="http://myclicks.prodigy.net/track.html?page=15106&module=2146&link=27551&cat=2744&provider=1615&url=http://www.microsoft.com/security/protect">www.microsoft.com/security/protect</a>.
<br><br>
If you have questions about this e-mail or need other information, please contact SBC Internet Services toll free at <b>877-722-3755</b>.
<br><br>
Thank you,
<br><br>
<b>SBC Internet Services</b>
<br> </p>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class="legal">
<p class="legal">
© 2004 SBC Knowledge Ventures, L.P. All Rights Reserved.</p>
</td>
</tr>
</table>
</body>
</html>

------=_NextPart_000_0007_01C126FC.0B7F7100--