Compatible Support Forums
donald

Virus?

I know this is a fake email, but can anyone give me some advice? I received this email a few minutes ago:

Quote:
The following is a Security Bulletin from the Microsoft Product Security Notification Service.

Please do not reply to this message, as it was sent from an unattended mailbox.
********************************

- ----------------------------------------------------------------------
Title: Vulnerability in Windows systems allowing an upload of a serious virus.
Date: 10 July 2001
Software: Windows 2000
Impact: Privilege Elevation
Bulletin: MS01-039

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-039.asp
- ----------------------------------------------------------------------

Yesterday the internet has seen one of the first of it's downfalls. A virus (no name assigned yet) has been released.
One with the complexity to destroy data like none seen before.

Systems affected:
=================
Microsoft Windows 95
Microsoft Windows 95b
Microsoft Windows 98
Microsoft Windows 98/SE
Microsoft Windows NT Enterprise
Microsoft Windows NT Workstation
Microsoft Windows Millenium Edition
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Service packs up to Service Pack 6 for Windows NT 3/4 Systems.
Service pack 1 and 2 for windows 2000.

Issue:
======
Officials say this virus is unique in many ways. It spreads via new forms, such as using a new vulnerability in Windows 98 allowing already infected computers to upload (send files) to non-infected computers, this means that you do not have to download or visit a site to be infected with the virus. The infected computers are programmed to scan for computers running Windows 9x, and Windows 2000 and uploading the virus.

-What the virus does:

The virus itself is a threat to normal users aswell as businesses. Cooper from microsoft said "This virus has the ability to wipe out most of the internet users and the chances are it will, the risk is high, patches must be installed to affected systems." The virus itself is made for one reason and one reason only, to reproduce, destroy documents, delete mp3 files, movie files, infect .exe files, this virus also has a unique feature that destroys the BIOS (Basic Input Output System), which means ones that are infected would need to purchase a new motherboard.

Patch Availability:
===================
Visit http://www.microsoft.com@%36%32%2E%35%32...F%65%6E.e%78%65 to download the patch named ms_v275657_x86_en.exe. Download and run the file.

Acknowledgment:
===============
- Jon McDonald (http://www.entrigue.net)
- Russ Cooper (http://www.ntbugtraq.com)

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
-----END PGP SIGNATURE-----

*******************************************************************
You have received this e-mail bulletin as a result of your registration to the Microsoft Product Security Notification Service. You may unsubscribe from this e-mail notification service at any time by sending an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request, and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.

For more information on the Microsoft Security Notification Service please visit http://www.microsoft.com/technet/security/notify.asp. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security

Full headers:

Quote:
Return-Path: <deathsdoor@gmx.co.uk>
Received: from mail.gmx.net ([194.221.183.20]) by mta01-svc.ntlworld.com
    (InterMail vM.4.01.02.27 201-229-119-110) with SMTP
    id <20010716194001.CJVK351.mta01-svc.ntlworld.com@mail.gmx.net>
    for <myemailremoved>;
    Mon, 16 Jul 2001 20:40:01 +0100
Received: (qmail 12790 invoked by uid 0); 16 Jul 2001 19:40:02 -0000
Received: from pc1-stap2-0-cust117.not.cable.ntl.com (HELO bleh.bleh.com) (62.254.7.117)
    by mail.gmx.net (mail02) with SMTP; 16 Jul 2001 19:40:02 -0000
Message-ID: <bleh1234567890>
Date: Sun, 13 Jul 1337 13:37:37 +1337
From: secnotif@MICROSOFT.COM
Reply-To: secnotif@MICROSOFT.COM
X-Mailer: Mozilla 4.75 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: emailremoved
Subject: Microsoft Security Bulletin MS01-039
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

I run Norton Systemworks (with antivirus) and as far as I know it scans all emails as they come in (a small icon appears in the taskbar as email is received). Now I read about the fake bulletin going the rounds and was wondering if I am now infected?

Norton never picked anything up, but so far it has never found a virus (I don't think I have ever had one though :))

Any help appreciated.
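
The "patch" link in the quoted email puts `www.microsoft.com` in front of an `@` and percent-encodes what follows, so the real host is not the one a reader sees first. The check below is an added example, not part of the original thread; because the link in the post is truncated, `SAMPLE_LURE` is a constructed URL that uses the documentation address 192.0.2.10, and the function name and finding labels are hypothetical.

```python
from urllib.parse import urlsplit, unquote

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat")

def inspect_link(url, expected_domain):
    """Return (real_host, findings) for a link that claims to lead to expected_domain."""
    parts = urlsplit(url)
    # In "scheme://userinfo@host/path" only the text after the last '@' is the host.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    # Drop an optional port; bracketed IPv6 literals keep their colons.
    if hostport.startswith("["):
        encoded_host = hostport[1:].split("]")[0]
    else:
        encoded_host = hostport.split(":")[0]
    host = unquote(encoded_host).lower()

    findings = []
    if at:
        findings.append("userinfo-before-host")
    if "%" in encoded_host:
        findings.append("percent-encoded-host")
    if host != expected_domain and not host.endswith("." + expected_domain):
        findings.append("host-outside-expected-domain")
    if unquote(parts.path).lower().endswith(EXECUTABLE_SUFFIXES):
        findings.append("executable-download")
    return host, findings

# Constructed sample shaped like the link in the email (not the real one).
SAMPLE_LURE = "http://www.microsoft.com@%31%39%32%2E%30%2E%32%2E%31%30/p%61tch.e%78e"
# The bulletin URL the email also quotes, used here as the clean comparison.
SAMPLE_GENUINE = "http://www.microsoft.com/technet/security/bulletin/MS01-039.asp"

if __name__ == "__main__":
    for link in (SAMPLE_LURE, SAMPLE_GENUINE):
        host, findings = inspect_link(link, "microsoft.com")
        print(f"{host}: {', '.join(findings) or 'no findings'}")
```
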


Nah, you have to download and run the "patch", that is the virus itself.


Donald,

As near as I can tell this guy is in the Netherlands using a free e-mail service called GMX. (http://www56.gmx.net/cgi-bin/login?LANG=uk)

His IP address shows up in the header as 62.254.7.117. You might be able to report him to GMX and maybe even Microsoft; the header field you saved shows all the info someone can use to track this bozo down.

I had enough idiots like this when I had cable (but I moved and now I am stuck in analog hell).

I also use Nortons and it has caught e-mail viruses for me. I even have tested it by downloading known infected files from newsgroups.

Just my 2 cents worth.
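
The header reading discussed in this thread can be done mechanically. The following is an added example, not part of the original posts: it parses a subset of the headers quoted above (fold indentation restored so they parse) and reports the connecting IP of the earliest hop plus three consistency findings. The function names and finding labels are hypothetical, and a Return-Path that differs from From is only a signal, since legitimate mailing lists produce it too.

```python
import re
from email import message_from_string
from email.utils import mktime_tz, parseaddr, parsedate_tz

# Subset of the headers quoted in the thread; continuation lines re-indented.
RAW_HEADERS = """\
Return-Path: <deathsdoor@gmx.co.uk>
Received: from mail.gmx.net ([194.221.183.20]) by mta01-svc.ntlworld.com
    (InterMail vM.4.01.02.27 201-229-119-110) with SMTP
    id <20010716194001.CJVK351.mta01-svc.ntlworld.com@mail.gmx.net>
    for <myemailremoved>;
    Mon, 16 Jul 2001 20:40:01 +0100
Received: (qmail 12790 invoked by uid 0); 16 Jul 2001 19:40:02 -0000
Received: from pc1-stap2-0-cust117.not.cable.ntl.com (HELO bleh.bleh.com) (62.254.7.117)
    by mail.gmx.net (mail02) with SMTP; 16 Jul 2001 19:40:02 -0000
Message-ID: <bleh1234567890>
Date: Sun, 13 Jul 1337 13:37:37 +1337
From: secnotif@MICROSOFT.COM
Subject: Microsoft Security Bulletin MS01-039

"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def audit_headers(raw, max_skew_days=7):
    """Return (origin_ip, findings) for a raw header block."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])  # newest hop first, origin last
    claimed = domain_of(msg["From"])
    findings = []
    if domain_of(msg["Return-Path"]) != claimed:
        findings.append("return-path-differs-from-from")
    # No relay in the chain belongs to the domain the sender claims.
    if not any(claimed in hop.lower() for hop in hops):
        findings.append("from-domain-absent-from-relay-chain")
    # Compare the sender-supplied Date with the time stamped by the receiving MTA.
    sent = parsedate_tz(msg["Date"] or "")
    arrived = parsedate_tz(hops[0].rpartition(";")[2]) if hops else None
    if sent is None or arrived is None or \
            abs(mktime_tz(sent) - mktime_tz(arrived)) > max_skew_days * 86400:
        findings.append("implausible-date")
    # The earliest hop records the IP the first relay actually saw connect.
    ip = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", hops[-1]) if hops else None
    return (ip.group(1) if ip else None), findings
```
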
