New virus threat for M$ PC's

[dhaen]

I've just recieved 2 similar emails purporting to be from Microsoft, each with 3 attachments, one being an exe file.

These are counterfeit, and carry a virus payload that may be executed in unpatched MS outlook/ outlook express on opening.

This is so new it's not on the virus sites yet, but is explained in this news article:
http://www.eweek.com/article2/0,4149,1273195,00.asp

I'm certain this is not a hoax.

 

[Sch3mat1c]

Ever since this afternoon I've been getting a monsoon of the damn things... PLEASE DO NOT OPEN THE ATTACHMENTS! Just delete the things.

Word to the wise, never open an executable type (.COM, .EXE, .BAT, .SCR, and I think one or two more) unless you're sure of what it is.

Tim

 

[AudioFreak]

*.PIF is also a common one.

 

[Netlist]

These are counterfeit, and carry a virus payload that may be executed in unpatched MS outlook/ outlook express on opening.

Yes, the virus guys are having a great time.
As always, keep your system and virus scanner patched, preferably on a daily bases and install a decent firewall.
Performing those simple tasks, I'm able to stay virus free for many years now.

/Hugo - has a big quarantine list.

 

[kelticwizard]

I noticed that several recent viruses masquerade as Emails from Microsoft.

My question is: does Microsoft actually send Emails out to people who use their OS? Is their such a thing as a legit unsolicited Email from Microsoft?

 

[Netlist]

Here is some more in-depth info about our 'friend' Swen:
http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

/Hugo

 

[jackinnj]

I had 116 of these emails between 11:00 pm and 7:00 a.m. -- our ISP (Comcast) is aware of the problem.

You can check the MSFT website for patches -- for me I think I'll get a Powerbook!

 

[dhaen]

snip...

....-- for me I think I'll get a Powerbook!

I changed last month. Haven't looked back

 

[grimberg]

My question is: does Microsoft actually send Emails out to people who use their OS? Is their such a thing as a legit unsolicited Email from Microsoft?

In my experience dealing with Microsoft over many years, they will not send e-mails unless you ask to be included in one of their several mailing lists.
If you register with them and get e-mails, you can still change your profile and uncheck the selected mailing lists. The messages will stop coming immediately.
If you have not signed up with Microsoft, messages you receive most likely come from a spoofed address and I suggest you delete them without opening.

 

[grimberg]

-- for me I think I'll get a Powerbook!

The Powerbook is a good option. You could also re-purpose your Intel box and install Red Hat Linux with Gnome for the GUI and Ximian (http://www.ximian.com) for e-mail client. It is, by design, meant to closely resemble Microsoft Outlook.

 

[Elso Kwak]

I've just recieved 2 similar emails purporting to be from Microsoft, each with 3 attachments, one being an exe file.

These are counterfeit, and carry a virus payload that may be executed in unpatched MS outlook/ outlook express on opening.

This is so new it's not on the virus sites yet, but is explained in this news article:
http://www.eweek.com/article2/0,4149,1273195,00.asp

I'm certain this is not a hoax.

Hi John,
Yes its a virus:
Here is the text from the email. Its looks quite guinine!



Microsoft All Products | Support | Search | Microsoft.com Guide
Microsoft Home


Microsoft User

this is the latest version of security update, the "September 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your computer. This update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility

 

[Sch3mat1c]

Heh, I wonder if the virus writer can get sued for using the Microsoft copyright in the text

Tim

 

[mbroker]

Re: Re: New virus threat for M$ PC's

As always, keep your system and virus scanner patched, preferably on a daily bases and install a decent firewall.

And the simple fact of the matter is that most people are too computer ignorant to understand and follow this. I particularly loved the MSBlast fiasco a few weeks ago because the MS patch for the security hole had been released 4 WEEKS prior to the virus hitting critical mass.....

So I'd add "get the automatic windows update agent and set it to check and install automatically" to your list

I noticed that several recent viruses masquerade as Emails from Microsoft.

My question is: does Microsoft actually send Emails out to people who use their OS? Is their such a thing as a legit unsolicited Email from Microsoft?

Microsoft will NEVER send an email attachment, but will link to their website with the appropriate download information. In fact, they will only send you email if you request when you register your product.... assuming your software is registerable

Thankfully, the only virii I've encountered of late are *****-related....

Cheers,

Mark

 

[fdegrove]

Hi,

*.PIF is also a common one.

Not quite, PIFs are program information files containing parameters for a parent program running under DOS from within a Windows environment and as such are harmless.

*.bat or batch file are similar in that they contain commands for DOS or DOS programs to execute, they are worthless without the programs present.

*.SCR or sreensavers are executables same as *.exe files.

Etc, etc...much more malicious are the other scripts files under Windows such as the *.vbs (Visual Basic) and Java script files.

Keep your anti-virus programs up to date and if using DSL or cable install a firewall and configure it correctly.
Modem users are less prone due to the shorter time they stay online but the above measures won't hurt them either.

BTW, the forum like all other forum uses the messaging services extensively which are a major security issue.

Please subscribe to the M$ security patches which will warn you of any security issues.

Micosoft never sends anything unsollicited to anyone so beware....

Caveat emptor,

 

[jleaman]

I pitty every person that gets viruses. It is so nice to run a system with out virus software running in the background


GET A MAC

 

[AudioFreak]

Not quite, PIFs are program information files containing parameters for a parent program running under DOS from within a Windows environment and as such are harmless.

*.bat or batch file are similar in that they contain commands for DOS or DOS programs to execute, they are worthless without the programs present.

I agree with you on this but my point was that *.PIF and *.BAT for that matter seem to be common attachments in infected emails... sure they dont always have the potential of *.EXE, *.SCR, *.COM etc but I thought it worth the mention because there are alot of people that dont know any better and those file types can under the right conditions cause probs. Of course there are also WSH files and macros in infected ms office files etc. It's a dangerous world out there.

 

[dhaen]

file extensions for the uninformed..

Does Window still hide file extensions by default? All versions I have used do.
This causes confusion to users who see a file called murder.txt.exe as murder.txt , a harmless text file.

Cheers,

 

[fdegrove]

Hi,

but I thought it worth the mention because there are alot of people that dont know any better and those file types can under the right conditions cause probs. Of course there are also WSH files and macros in infected ms office files etc. It's a dangerous world out there.

No prob...just me dotting Is and crossin' the Ts...

Hi,

This causes confusion to users who see a file called murder.txt.exe as murder.txt , a harmless text file.

To the best of my knowledge they still do that by default, probably in an effort to emulate the ease of use of a Mac...

A really stupid idea in the first place IMO, YMMV.

Cheers,

 

[Sch3mat1c]

Not quite, PIFs are program information files containing parameters for a parent program running under DOS from within a Windows environment and as such are harmless.

*.bat or batch file are similar in that they contain commands for DOS or DOS programs to execute, they are worthless without the programs present.

Doesn't matter, windows is too dumb to care. It treats one executable as another, try it, rename any program to use a .PIF or .BAT extension. Presumably it decides it based on the file's header, or lack thereof.

Tim

 

[Lisandro_P]

Originally posted by Sch3mat1c Presumably it decides it based on the file's header, or lack thereof.[/B]

It does just that, as a matter of fact.