Journal Surak's Journal: Interesting new virus? 15
Has anyone seen the following e-mail?
MS Client
this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your system. This update includes the functionality of all previously released patches.
System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.
Thank you for using Microsoft products.
Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
Obviously it's a fake. It had an executable attached to it that was supposed to be a 'fix'. I had a user e-mail and ask me if it was for real, though.
Now, the e-mail itself looks somewhat real, aside from the fact that the greeting says 'MS Client:', along with the obvious grammatical errors. They grabbed some images from the Microsoft Web site, but I can't reproduce them here in this JE, obviously. Let's just say the formatting looks like it *could* be real. If we didn't already know that Microsoft never publishes patches via e-mail, that is.
Anyone else see this? I wonder how effective it is on the unwashed masses?
Very... (Score:1)
Here be some un-edumacated users who have already tried t' execute the attachment (NAV Corp Edition caught it.)
Apparently our not all our exchange servers are rejecting
WTF.
Anyhow... the unwashed masses are simply an accident waiting to happen.
Re:Very... (Score:2)
Lotsa people here at work got it (Score:1)
Lotsa people also got the message multiple times in their home emails
no, but (Score:2)
there's an email virus going around claiming to be a MS patch. it actually has a malicious payload outside of redistributing itself to everyone in the address book.
FWIW: Microsoft's policy is to not distribute patches via email for this very reason. When they do issue out security patches, they have an email list that links to the patch along with the accompanying report detailing the bug. Bugtraq is among the recipients, and all their reports are PGP-signe
It's a virus (Score:2)
You can filter on the phrase "September 2003, Cumulative Patch" (case sensative) and catch them all. They all have fake from/reply-to addresses and various names for the subject and attachment, but that phrase is in all of the mails.
I've gotten six copies already (Score:1)
Re:I've gotten six copies already (Score:1)
Re: (Score:2)
seen it? (Score:2)
Only about 50 to 75 times in the past 24 hours.
Seems like it's pretty effective on somebody -- can't tell what their personal hygeine is like
seen it? are you kidding. (Score:1)
Read it in another journal (Score:1)
Interesting tactic. Of course, I disable HTML email and don't use Lookout, so I'm pretty safe. Anything that looks like HTML is immediately deleted anyway: plaintext is the only thing I read.
Me best friend has likely destroyed her hard drive (Score:2)
So periodically we go through the is-this-real issue, and at least she sometimes remembers to check these days.
Think of it this way, folks- and eventually, i need to post a JE about this
Re:Me best friend has likely destroyed her hard dr (Score:2)
Aaarrr.
Wow. Somebody spent a lot of time on that. (Score:2)
Yes. (Score:2)