
Is this message for real?


Fred Hanson

Jun 27, 2003, 12:12:11 PM

I received the following email today. It looks phony. Can anyone tell if
it's for real or just a way to introduce a virus?

Date: Fri, 27 Jun 2003 15:19:42 +0000 (GMT)
From: "Microsoft" <pbsmeyyt...@technet.msn.com>
To: "Microsoft Customer" < >
Subject: Network Security Update.
This message has been processed by Brightmail(TM) Anti-Virus using
Symantec's Norton AntiVirus Technology.
Q116922.exe was infected with the malicious virus W32.Gibe.B@mm and has
been deleted because the file cannot be cleaned.

For more information on anti-virus tips and technology, visit
http://www.brightmail.com/antivirus .

attachment263.dat attachment265.htm

This is the attachment:
Microsoft Customer
this is the latest version of security update, the
"June 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.
System requirements:
Win 9x/Me/2000/NT/XP
This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later
Recommendation:
Customers should install the patch at the earliest opportunity.
How to install:
Run attached file. Click Yes on displayed dialog box.
How to use:
You don't need to do anything after installing this item.
Microsoft Technical Support is available at
http://support.microsoft.com/
For security-related information about Microsoft products,
please visit the Microsoft Security Advisor web site at
http://www.microsoft.com/security
Contact us at
http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp
Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.
Thank you for using Microsoft products.
Best wishes from
Microsoft Internet Security Division
________________________________________
©2003 Microsoft Corporation. All rights reserved. The names of the actual
companies
and products mentioned herein may be the trademarks of their respective
owners.

--
Fred Hanson (remove NO_SPAN to send me email)

David H. Lipman

Jun 27, 2003, 12:15:28 PM
No way !

MS will never send a patch via email. You have to pull updates from their site.

There are a few viruses masquerading as if they were from MS. "W32/Gibe" is the
most well known.

Dave


Fred Hanson

Jun 27, 2003, 3:02:11 PM
On Fri, 27 Jun 2003 16:33:25 GMT, <m...@tadyatam.invalid> wrote:

> Fred Hanson wrote:
>>
>> I received the following email today. It looks phony. Can anyone tell if
>> it's for real or just a way to introduce a virus?
>>

>> -snip-


>> --
>> Fred Hanson (remove NO_SPAN to send me email)
>

> http://www.microsoft.com/technet/security/policy/swdist.asp
>
> --J
> Replies to: jNpolak(at)Ojuno(dot)Tcom

Right. And then I got a second message sent from an email name
that I know, but have never communicated with. Here's the 2nd msg:

This message has been processed by Brightmail(TM) Anti-Virus using
Symantec's Norton AntiVirus Technology.

MONTHS.doc.scr was infected with the malicious virus W32.Bugbear.B.Dam and
has been deleted because the file cannot be cleaned.

For more information on anti-virus tips and technology, visit
http://www.brightmail.com/antivirus .

What do you think of this?

Fred Hanson

Jun 27, 2003, 3:06:30 PM
Now it's getting gross! Here is the body and header from the last message,
which seems even more phony than the earlier ones:

From: "Courtney Brown" <cour...@security-central.com>
Subject: See this update from the M$ Corporation
Date: Fri, 27 Jun 2003 14:38:07 -0400

This message has been processed by Brightmail(TM) Anti-Virus using
Symantec's Norton AntiVirus Technology.

q375581.exe was infected with the malicious virus W32.Gibe.B@mm and has
been deleted because the file cannot be cleaned.

For more information on anti-virus tips and technology, visit
http://www.brightmail.com/antivirus .

attachment106.dat


On Fri, 27 Jun 2003 19:02:11 GMT, Fred Hanson <fredhans...@att.net>
wrote:

David H. Lipman

Jun 27, 2003, 3:14:35 PM
I think it's a damaged version of Bugbear.

There is NOTHING to read between the lines here. You received viruses. So do
millions.

Dave


David H. Lipman

Jun 27, 2003, 3:18:33 PM
* Do you realize what you have just done ? *

You have posted a few dozen email addresses. So some a--hole's bot is going to
scan this news group, capture all those email addresses and they will be spammed
and receive additional viruses. All because you can't handle the concept that
you received a few viruses.

You have done THEM a disfavour.

Dave


David W. Hodgins

Jun 27, 2003, 3:31:52 PM
On Fri, 27 Jun 2003 19:06:30 GMT, Fred Hanson <fredhans...@att.net> wrote:

> Now it's getting gross! Here is the body and header from the last message,
> which seems even more phony than the earlier ones:

>> For more information on anti-virus tips and technology, visit
>> http://www.brightmail.com/antivirus .
>> What do you think of this?

LEARN TO READ!!!!!!!!!!! See the link above? It explains
why the attached file was deleted.

DON'T POST EMAIL ADDRESSES WITHOUT THE OWNER'S PERMISSION!!!!!

You've been sent a worm/virus that was automatically deleted.

The software that deleted it sent the rest of the message to you,
just in case the rest of the message was of some use to you. The
worm picked up a bunch of addresses from the senders system, which
you have now posted to usenet, for all the spammers to enjoy.

Smarten up!

Dave Hodgins

Gabriele Neukam

Jun 27, 2003, 3:47:34 PM
On that special day, Fred Hanson, (fredhans...@att.net) said...


> I received the following email today. It looks phony. Can anyone tell if
> it's for real or just a way to introduce a virus?

Look at that:

> Q116922.exe was infected with the malicious virus W32.Gibe.B@mm and has
> been deleted because the file cannot be cleaned.

And that is correct, as this filename is a clear indication that this
attachment was entirely Gibe.B. Good that Brightmail isn't a spam
detector only, but a fairly well working virus finder, too. It saved
your computer, perhaps.

Infos on Gibe.B are many, for instance:
http://vil.nai.com/vil/content/v_100088.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=
3DWORM_GIBE.B
(sorry, link has to be in one line)
http://www.symantec.com/avcenter/venc/data/w32.g...@mm.html


Gabriele Neukam

Gabriel...@t-online.de


--
Ah, Information. A good, too valuable these days, to give it away, just
so, at no cost.
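
The attachment names quoted in this thread (Q116922.exe, q375581.exe, P304119.exe, MONTHS.doc.scr) and the point made above that Microsoft does not send patches by e-mail can be turned into a simple attachment triage for a mail filter. The following Python is an added example, not part of the original thread and not Brightmail's or Road Runner's filtering logic; the extension lists, the letter-plus-six-digits pattern (inferred only from the names quoted here) and all function names are assumptions.

```python
import re
from email.message import EmailMessage

EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat"}   # assumed list
DOCUMENT_EXT = {".doc", ".txt", ".jpg", ".htm", ".pdf"}     # assumed list
# Letter + six digits + .exe, as in the three names quoted in the thread.
# Inferred from those samples only; not a vendor signature.
PATCH_LIKE = re.compile(r"^[a-z]\d{6}\.exe$", re.IGNORECASE)


def attachment_reasons(filename):
    """Return the reasons a single attachment name looks hostile."""
    parts = filename.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext in EXECUTABLE_EXT:
        reasons.append("executable")
        # e.g. MONTHS.doc.scr: a document extension hiding the real one
        if len(parts) == 3 and "." + parts[1] in DOCUMENT_EXT:
            reasons.append("double-extension")
    if PATCH_LIKE.match(filename):
        reasons.append("patch-like-name")
    return reasons


def triage(message):
    """Map each suspicious attachment in a parsed message to its reasons."""
    claims_vendor = "microsoft" in message.get("From", "").lower()
    findings = {}
    for part in message.walk():
        name = part.get_filename()
        if not name:
            continue
        reasons = attachment_reasons(name)
        # A "vendor" sender plus an executable is the thread's main red flag.
        if "executable" in reasons and claims_vendor:
            reasons.append("vendor-patch-by-email")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample(sender, subject, filename):
    """Constructed test message; the attachment is inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.com", subject
    msg.set_content("Run attached file. Click Yes on displayed dialog box.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg
```
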

Pourquoi tant d'étoiles pour si peu de trèfles à quatre feuilles ?

Jun 27, 2003, 5:04:42 PM
In news:oprrfwqg...@netnews.att.net,
Fred Hanson <fredhans...@att.net> typed:

> Now it's getting gross! Here is the body and header from the last
> message, which seems even more phony than the earlier ones:
>
[snipped e-mail addresses]

>
> Subject: See this update from the M$ Corporation
> Date: Fri, 27 Jun 2003 14:38:07 -0400
>
[snipped out of topic items]

>>
>> What do you think of this?

I think that you have to learn politeness.

Do you also use to share worldwide the phone numbers of our friends and
family without their agreement ?

If you have some phone numbers of single(s) millionaire(s) miss(es)-world in
your address book feel free to send them to me (in private plz).

--

Jean-Luc Cavey
Paris, France
E-Mail : JLC...@alussinan.org

FFischer

Jun 28, 2003, 10:35:13 AM
Hi,
this is, what my provider made out of this mail. Make up your own mind.
kind regards
boington

ALERT!!!
This e-mail in its original form contained one or more attached files that
were infected with a virus or worm, or contained another type of security
threat.

The following attachments were infected and have been repaired:
No attachments are in this category.

The following attachments were deleted due to an inability to clean them:
1. P304119.exe: W32.Gibe.B@mm

The Following attachments were not delivered due to inbound mail policy
violations:
No attachments are in this category.


Road Runner does not contact the sender of the infected attachment(s) in the
event that they were not actually sent from the indicated party.

Please contact the sender directly to alert them of their issue with
infected files if you wish to do so.

For more information on Road Runner's virus filtering initiative, visit our
Help & Member Services pages at http://help.rr.com, or the virus filtering
information page directly at http://help.rr.com/faqs/e_mgsp.html.

------------ Original message text follows ------------


MS User

this is the latest version of security update, the
"June 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly
discovered vulnerabilities. Install now to protect your computer
from these vulnerabilities, the most serious of which could allow
an attacker to run executable on your system. This update includes
the functionality of all previously released patches.

System requirements Win 9x/Me/2000/NT/XP
This update applies to Microsoft Internet Explorer, version 4.01 and
later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest
opportunity.
How to install Run attached file. Click Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles
can be found on the Microsoft Technical Support web site.


For security-related information about Microsoft products, please
visit the Microsoft Security Advisor web site, or Contact us.

Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

Thank you for using Microsoft products.

Best regards from
Microsoft Internet Public Support

----------------------------------------------------------------------------
----

AJD

Jul 1, 2003, 2:43:48 PM

"Gabriele Neukam" <Gabriel...@t-online.de> wrote in message
news:bdi70n$dn9$02$3...@news.t-online.com...
Seems to be on the prowl at the minute cos us folks in alt.punk.uk ng have
received this w32.gibe.b thingy today. this is the first time in 6 years
internet and usenet use i've been sent a malware. maybe i've just been
lucky!


cquirke

Jun 30, 2003, 8:41:05 PM
On Sat, 28 Jun 2003 14:35:13 GMT, "FFischer" <FFis...@houston.rr.com>

Yep. Looks like they handle these things quite nicely, but much as
ISP scanning helps clean the infosphere in general, I'd still practice
risk management, safe hex and run an av myself.

>-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
>-------------------- ----- ---- --- -- - - - -
