septembre 15, 2003

Mail from Microsoft NOT!

I got this one in the mail last week with an "empty" attachment this week I got it again from a different wing-nut but they got it right this time they put a worm on it. It included links to recent Microsoft patches, the attachment was named as if it was a MS "hotfix". It was an executable q370344.exe containing the W32/Gibe-B@mm worm. You could have all the patches in the world installed but if you execute the attachment they will not help one bit.

This worm is nasty if you get it like the spybot worm I wrote about recently. It disables regedit and task manager and launches multiple copies of itself renames itself and uses several methods to run the "hidden" versions.

Microsoft NEVER mails out patches to customers unless you have an open ticket and then they just send you a link where you have to go to a Microsoft site to download them. Microsoft technicians use their own names in the email address and they will direct the email to your address and not some spam list.
Of course some poor soul spooked by all the notoriety about worms and security holes in recent months that they will happily execute the attached worm don't you be one of them.

I've seen this has been sent to more than a few people most smart enough to not run the attachment.

It is an older virus and is detected by all the virus scanning engines. So keep your guard up. Read on to see the email content sans HTML table and links. Note how the mail is certified virus free . My what big eyes you have Grandma.....

Microsoft Customer

this is the latest version of security update, the
"September 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly
discovered vulnerabilities. Install now to protect your computer
from these vulnerabilities, the most serious of which could allow
an attacker to run executable on your system. This update includes
the functionality of all previously released patches.

System requirements Win 9x/Me/2000/NT/XP
This update applies to Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Click Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles
can be found on the Microsoft Technical Support web site.
For security-related information about Microsoft products, please
visit the Microsoft Security Advisor web site, or Contact us.

Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

Thank you for using Microsoft products.

With friendly greetings,
Microsoft Public Support

©2003 Microsoft Corporation. All rights reserved. The names of the actual companies
and products mentioned herein may be the trademarks of their respective owners.

Outgoing mail is certified Virus Free.
Checked by Kaspersky anti-virus system (
Release Date: 25.8.2003

Posted by Philip at septembre 15, 2003 08:35 PM | TrackBack
Post a comment
Preview your comment to check spelling

Remember personal info?