Hi, Anyone come across this one?? I have *just* received this - yet another email claiming to be from MS (showing initially as being from [EMAIL PROTECTED]), titled 'New Patch'. Same nice HTML page, with message body...
Microsoft User this is the latest version of security update, the "October 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to continue keeping your computer secure from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer. This update includes the functionality of all previously released patches. ...with an attachment 'UPDATE.exe', 69Bytes. My Norton AV, with virus patterns dated 8th October doesn't give ANY warnings whatsoever, nothing gets quarantined though the attachment gets saved as 0 bytes - so some checking/stripping takes place. Message headers... Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: (qmail 28201 invoked by uid 457); 14 Oct 2003 20:02:36 -0000 Delivered-To: [EMAIL PROTECTED] Received: (qmail 28196 invoked from network); 14 Oct 2003 20:02:36 -0000 Received: from unknown (HELO remt25.cluster1.charter.net) (209.225.8.35) by hosting-132-36.phpwebhosting.com with SMTP; 14 Oct 2003 20:02:36 -0000 Received: from [68.112.20.189] (HELO ysjug) by remt25.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6) with SMTP id 26689859; Tue, 14 Oct 2003 16:02:03 -0400 FROM: "Microsoft" <[EMAIL PROTECTED]> TO: "User" <[EMAIL PROTECTED]> SUBJECT: New Patch Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="zcwyruuzitrbo" Date: Tue, 14 Oct 2003 16:02:04 -0400 Message-ID: <[EMAIL PROTECTED]> Regards, Anthony Aykut Frame4 Security Systems Your Partner in IT Security http://www.frame4.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
