
Journal Surak's Journal: Interesting new virus? 15

Has anyone seen the following e-mail?

MS Client

this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your system. This update includes the functionality of all previously released patches.

  System requirements Windows 95/98/Me/2000/NT/XP
  This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
  Recommendation Customers should install the patch at the earliest opportunity.
  How to install Run attached file. Choose Yes on displayed dialog box.
  How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Obviously it's a fake. It had an executable attached to it that was supposed to be a 'fix'. I had a user e-mail and ask me if it was for real, though.

Now, the e-mail itself looks somewhat real, aside from the fact that the greeting says 'MS Client:', along with the obvious grammatical errors. They grabbed some images from the Microsoft Web site, but I can't reproduce them here in this JE, obviously. Let's just say the formatting looks like it *could* be real. If we didn't already know that Microsoft never publishes patches via e-mail, that is. ;)

Anyone else see this? I wonder how effective it is on the unwashed masses?

  • Avast!!

    Here be some un-edumacated users who have already tried t' execute the attachment (NAV Corp Edition caught it.)

    Apparently not all our Exchange servers are rejecting .exe attachments (that's being fixed).

    WTF.

    Anyhow... the unwashed masses are simply an accident waiting to happen.

  • and it somehow made it past the mail filters and Virus scans,
    Lotsa people also got the message multiple times in their home emails
  • I personally have not seen that one - but ----

    There's an email virus going around claiming to be a MS patch. It actually has a malicious payload outside of redistributing itself to everyone in the address book.

    FWIW: Microsoft's policy is to not distribute patches via email for this very reason. When they do issue out security patches, they have an email list that links to the patch along with the accompanying report detailing the bug. Bugtraq is among the recipients, and all their reports are PGP-signe
  • It's the Swen.32 virus. It spreads via email, IRC, and Kazaa. It tries to disable over 50 different firewalls and AV software then replicates. See Symantec.com for more info. It's on the front page. I caught it yesterday and filtered them all out. Over 500 so far today.

    You can filter on the phrase "September 2003, Cumulative Patch" (case sensitive) and catch them all. They all have fake from/reply-to addresses and various names for the subject and attachment, but that phrase is in all of the mails.
  • ...at home, at 120-odd KB per. Over my dialup, that's not good. I've also gotten four or five "undeliverable" notices, so there's someone out there with the virus that has my e-mail address in their address book.
  • Anyone else see this?

    Only about 50 to 75 times in the past 24 hours.

    I wonder how effective it is on the unwashed masses?

    Seems like it's pretty effective on somebody -- can't tell what their personal hygiene is like

  • ONE of my boxes has already dropped 600 of them on the floor!
  • andr0meda talked about it some hours ago [slashdot.org]. I haven't seen it yet. I don't think I'll get it. I am somehow lucky in people not sending me such stuff.

    Interesting tactic. Of course, I disable HTML email and don't use Lookout, so I'm pretty safe. Anything that looks like HTML is immediately deleted anyway: plaintext is the only thing I read.

  • She's got a habit of obeying random emails, including the 'instructions on how to delete essential files thinking that it's a virus' ones. I was going to tell her not to copy me in when she forwards those fakes, but then it occurred to me that her clueless friends aren't going to tell her, so I'd best stay on the list...

    So periodically we go through the is-this-real issue, and at least she sometimes remembers to check these days.

    Think of it this way, folks- and eventually, I need to post a JE about this

  • We're pretty well locked down here so I haven't seen it, but [thanks to your journal] I went to our AV vendor website and looked it up. That thing is so good looking I think even I might have fallen for it if I didn't know better. Unless this makes mainstream news I think a lot of users are going to fall for it.
  • I saw one Thursday in my filtered folder. I haven't seen any since because I have not been around a PC. (and it was wonderful.)
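
Two filtering rules come up in the comments above: matching the case-sensitive phrase "September 2003, Cumulative Patch" and rejecting .exe attachments at the mail server. The sketch below is an added example, not code from any commenter or product in the thread; it applies both rules to a parsed message and shows why the phrase must be matched on the decoded body, since an HTML part sent base64-encoded never contains it in the raw bytes. The function names, the extension list beyond .exe, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Phrase quoted in the comment above; the match is case-sensitive.
PHRASE = "September 2003, Cumulative Patch"
# Assumed extension blocklist for this example (the thread only names .exe).
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat")


def scan_message(raw: bytes) -> dict:
    """Report which of the two rules a raw RFC 5322 message trips."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    phrase_hit, bad_attachments = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and name.lower().endswith(BLOCKED_EXT):
            bad_attachments.append(name)
        if part.get_content_maintype() == "text":
            try:
                # Undoes base64/quoted-printable and the charset, so the phrase
                # is found even when the raw bytes never contain it.
                text = part.get_content()
            except (LookupError, UnicodeError):
                continue  # undecodable part: skipped by the phrase rule
            # Collapse whitespace so a phrase wrapped across lines still matches.
            phrase_hit = phrase_hit or PHRASE in " ".join(text.split())
    return {"phrase": phrase_hit, "attachments": bad_attachments,
            "quarantine": phrase_hit or bool(bad_attachments)}


def build_sample() -> bytes:
    """Constructed sample: base64-encoded HTML body plus a placeholder .EXE."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"   # constructed; real ones were forged
    m["Subject"] = "Latest Security Update"  # constructed; subjects varied
    m.set_content('<html><body>the "September 2003, Cumulative Patch" update'
                  "</body></html>", subtype="html", cte="base64")
    m.add_attachment(b"constructed placeholder, not a program",
                     maintype="application", subtype="octet-stream",
                     filename="Patch42.EXE")
    return m.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```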
