donald 0 Posted July 16, 2001 I Know this is a fake email but can anyone give me some advice, i recieved this email a few minutes ago: Quote: The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. ******************************** - ---------------------------------------------------------------------- Title: Vulnerability in Windows systems allowing an upload of a serious virus. Date: 10 July 2001 Software: Windows 2000 Impact: Privilege Elevation Bulletin: MS01-039 Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS01-039.asp - ---------------------------------------------------------------------- Yesterday the internet has seen one of the first of it's downfalls. A virus (no name assigned yet) has been released. One with the complexity to destroy data like none seen before. Systems affected: ================= Microsoft Windows 95 Microsoft Windows 95b Microsoft Windows 98 Microsoft Windows 98/SE Microsoft Windows NT Enterprise Microsoft Windows NT Workstation Microsoft Windows Millenium Edition Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows 2000 Advanced Server Service packs up to Service Pack 6 for Windows NT 3/4 Systems. Service pack 1 and 2 for windows 2000. Issue: ====== Officials say this virus is unique in many ways. It spreads via new forms, such as using a new vulnerability in Windows 98 allowing already infected computers to upload (send files) to non-infected computers, this means that you do not have to download or visit a site to be infected with the virus. The infected computers are programmed to scan for computers running Windows 9x, and Windows 2000 and uploading the virus. -What the virus does: The virus itself is a threat to normal users aswell as businesses. Cooper from microsoft said "This virus has the ability to wipe out most of the internet users and the chances are it will, the risk is high, patches must be installed to affected systems." The virus itself is made for one reason and one reason only, to reproduce, destroy documents, delete mp3 files, movie files, infect .exe files, this virus also has a unique feature that destroys the BIOS (Basic Input Output System), which means ones that are infected would need to purchase a new motherboard. Patch Availability: =================== Visit http://www.microsoft.com@%36%32%2E%35%32...F%65%6E.e%78%65 to download the patch named ms_v275657_x86_en.exe. Download and run the file. Acknowledgment: =============== - Jon McDonald (http://www.entrigue.net) - Russ Cooper (http://www.ntbugtraq.com) - --------------------------------------------------------------------- THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQEVAwUBOzfaRo0ZSRQxA/UrAQE22gf/W+GD69o8ARA8tPFFJ1hEEa+ISUCqzsad KCozn4q15zGvZZnM4INxaiD5tPZKkJWIyx8+w5V4AdgTJDLF2YW8ADdk7Dpt1gk9 bOMkr9ipsX5qP5eD3c2cOj+kIQUKQ4Ql5UOW2l6HvrRZUXHyL9sHPpK1+1vwej2z E9/x0VTDDKu3uc3KTHFFTVbgIfibT4z3zcZUDC0omH8oU+3eNjYwn343ATd+LXMx Hpsrhrq/gvZc98FYEOW0Re9kHoGuLkDWqdtz63xOxziHjliASPpxsxmJ71bAx0v4 bVuQYQQ+AZklgYwzYDkCfciTfOjjRvi82whlzMDur/t6UtwW3Fe1Zg== =QExj -----END PGP SIGNATURE----- ******************************************************************* You have received this e-mail bulletin as a result of your registration to the Microsoft Product Security Notification Service. You may unsubscribe from this e-mail notification service at any time by sending an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM The subject line and message body are not used in processing the request, and can be anything you like. To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp. For more information on the Microsoft Security Notification Service please visit http://www.microsoft.com/technet/security/notify.asp. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security Full headers: Quote: Return-Path: <deathsdoor@gmx.co.uk> Received: from mail.gmx.net ([194.221.183.20]) by mta01-svc.ntlworld.com (InterMail vM.4.01.02.27 201-229-119-110) with SMTP id <20010716194001.CJVK351.mta01-svc.ntlworld.com@mail.gmx.net> for <myemailremoved>; Mon, 16 Jul 2001 20:40:01 +0100 Received: (qmail 12790 invoked by uid 0); 16 Jul 2001 19:40:02 -0000 Received: from pc1-stap2-0-cust117.not.cable.ntl.com (HELO bleh.bleh.com) (62.254.7.117) by mail.gmx.net (mail02) with SMTP; 16 Jul 2001 19:40:02 -0000 Message-ID: <bleh1234567890> Date: Sun, 13 Jul 1337 13:37:37 +1337 From: secnotif@MICROSOFT.COM Reply-To: secnotif@MICROSOFT.COM X-Mailer: Mozilla 4.75 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: emailremoved Subject: Microsoft Security Bulletin MS01-039 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I run Norton Systemworks (with antivirus) and as far as I Know it scans all emails as they come in (a small icon appears in the taskbar as email is recieved) now I read about the fake bullitin going the rounds and was wondering if I am now infected? Norton never picked anything up, but so far it has never found a virus (i dont think I have ever had one though ) any help appreciated. Share this post Link to post
clutch 1 Posted July 16, 2001 Nah, you have to download and run the "patch", that is the virus itself. Share this post Link to post
donald 0 Posted July 16, 2001 Great Thanks Thats what I thought just wanted to make sure. Share this post Link to post
billwinkle 0 Posted July 17, 2001 Donald, As near as I can tell this guy is in the Netherlands using a free e-mail service called GMX. (http://www56.gmx.net/cgi-bin/login?LANG=uk) His ip address shows up in the header as 62.254.7.117 You might be able to report him to GMX and maybe even Microsoft the header field you saved shows all the info someone can use to track this bozo down. I had enough idiots like this when I had cable (but I moved and now I am stuck in analog hell). I also use Nortons and it has caught e-mail viruses for me. I even have tested it by downloading known infected files from newsgroups. Just my 2 cents worth. Share this post Link to post
