------- Forwarded message ------- From: [EMAIL PROTECTED] To: "VirusEye Subscriber" <[EMAIL PROTECTED]> Subject: WARNING: Beware of the worm that claims to be a patch from Microsoft Date: Thu, 27 Feb 2003 15:25:23 GMT
Virus name: W32/Gibe.B-mm Number of copies seen so far: 2183 Date first Captured: 23rd Feb 2003, 2201 GMT Origin of first intercepted copy: Australia Number of countries seen active: 26 Most active countries: UK, Australia, USA, Hong Kong, France, Spain
Technical Details On 23rd February 2003, MessageLabs stopped the first copies of a new variant of the Gibe virus. Initial analysis suggests that this is a mass-mailing virus that is capable of propagating using email and also appears to be capable of spreading via network shares and IRC.
Once activated, the virus appears to gather any email addresses from the recipients’ computer, both from Microsoft Outlook and also from files found on the hard disk.
From the copies that MessageLabs have intercepted, the email attempts to impersonate a Microsoft Security Update email, and may comprise a variety of subject headings and attachment names, for example:
- FWD: Taste these security update from Microsoft. - Microsoft Security Patch. - FW: Look at that correction update from Microsoft. - FWD: Prove that security pack from Microsoft.
The body-text may also contain, ‘[…] this is the latest version of security update, the “February 2003, Cumulative Patch” […] Install now to protect your computer from these vulnerabilities […]’
The file attachment is written using Microsoft Visual BASIC and is 155,848 bytes in size (not compressed). Attachment file names may include:
- UPDATEnnnn.EXE (where nnnn is a seemingly random 4-digit number) - Qnnnnnn.EXE (where nnnnnn is a seemingly random 6-digit number, intended to masquerade as a valid Microsoft hotfix reference)
For further information, please view the report at MessageLabs: http://www.messagelabs.com/viruseye/report.asp?id=132
This email was sent to you because you subscribe to MessageLabs' Virus Alert service. You can cancel your subscription on the MessageLabs website at http://www.messagelabs.com/AlertUnsubscribe
MessageLabs is a leading provider of Internet-level managed email security services. Through its SkyScan portfolio of services, MessageLabs customers are protected from email-borne threats such as viruses, unsolicited mail and pornographic material, before such content comes anywhere near their network boundaries.
________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________
-- Euphorian
<A HREF="http://www.ctrl.org/";>www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance�not soap-boxing�please! These are sordid matters and 'conspiracy theory'�with its many half-truths, mis- directions and outright frauds�is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of [EMAIL PROTECTED]</A>
http://archive.jab.org/[EMAIL PROTECTED]/ <A HREF="http://archive.jab.org/[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
