Dang, but virus writers are getting clever. I just received this. The tip-off was that I had never received software updates via email from M$ before. I know that I had registered with M$ in the past at a previous job, but damn, that was 3 years ago. I'm pretty sure it is an attempt by a virus writer to get me to run an infected file. What do you think?

--- Microsoft Corporation Security Center <[EMAIL PROTECTED]> wrote:
> From pop_server."john"@mail.eatel.net Sat Mar 9 20:17:29 2002
> From: "Microsoft Corporation Security Center" <[EMAIL PROTECTED]>
> To: "Microsoft Customer" <'[EMAIL PROTECTED]'>
> Subject: Internet Security Update
> Reply-to: <[EMAIL PROTECTED]>
> Date: Sat, 9 Mar 2002 21:51:00 +0000
>
> Microsoft Customer,
>
> this is the latest version of security update, the
> "5 Mar 2002 Cumulative Patch" update which eliminates all
> known security vulnerabilities affecting Internet Explorer and
> MS Outlook/Express as well as six new vulnerabilities, and is
> discussed in Microsoft Security Bulletin MS02-005. Install now to
> protect your computer from these vulnerabilities, the most serious of which
> could allow an attacker to run code on your computer.
>
> Description of several well-know vulnerabilities:
>
> - "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability.
> If a malicious user sends an affected HTML e-mail or hosts an affected
> e-mail on a Web site, and a user opens the e-mail or visits the Web site,
> Internet Explorer automatically runs the executable on the user's computer.
>
> - A vulnerability that could allow an unauthorized user to learn the location
> of cached content on your computer. This could enable the unauthorized
> user to launch compiled HTML Help (.chm) files that contain shortcuts to
> executables, thereby enabling the unauthorized user to run the executables
> on your computer.
>
> - A new variant of the "Frame Domain Verification" vulnerability could enable a
> malicious Web site operator to open two browser windows, one in the Web site's
> domain and the other on your local file system, and to pass information from
> your computer to the Web site.
>
> - CLSID extension vulnerability. Attachments which end with a CLSID file extension
> do not show the actual full extension of the file when saved and viewed with
> Windows Explorer. This allows dangerous file types to look as though they are simple,
> harmless files - such as JPG or WAV files - that do not need to be blocked.
>
> System requirements:
> Versions of Windows no earlier than Windows 95.
>
> This update applies to:
> Versions of Internet Explorer no earlier than 4.01
> Versions of MS Outlook no earlier than 8.00
> Versions of MS Outlook Express no earlier than 4.01
>
> How to install
> Run attached file q216309.exe
>
> How to use
> You don't need to do anything after installing this item.
>
> For more information about these issues, read
> Microsoft Security Bulletin MS02-005, or visit link below.
> http://www.microsoft.com/windows/ie/downloads/critical/default.asp
> If you have some questions about this article contact us at [EMAIL PROTECTED]
>
> Thank you for using Microsoft products.
>
> With friendly greetings,
> MS Internet Security Center.
> ----------------------------------------
> ----------------------------------------
> Microsoft is registered trademark of Microsoft Corporation.
> Windows and Outlook are trademarks of Microsoft Corporation.
>
> ATTACHMENT part 2 application/x-msdownload name=q216309.exe

and here is the original header:

>From pop_server."john"@mail.eatel.net Sat Mar 9 20:17:29 2002
Received: from mail.eatel.net by web10702.mail.yahoo.com with YMEXTPOP;
    Sat, 09 Mar 2002 20:17:29 PST
Received: from spf8.us4.outblaze.com (205-158-62-35.outblaze.com [205.158.62.35])
    by ens1.eatel.net (8.12.0/8.12.0) with SMTP id g29Lp7OM019567
    for <[EMAIL PROTECTED]>; Sat, 9 Mar 2002 15:51:08 -0600 (CST)
Received: from mtiwmhc22.worldnet.att.net (mtiwmhc22.worldnet.att.net [204.127.131.47])
    by spf8.us4.outblaze.com (8.11.6/8.11.6/us4-srs) with ESMTP id g29Lp1j19179
    for <[EMAIL PROTECTED]>; Sat, 9 Mar 2002 21:51:02 GMT
Received: from pfuckie ([12.90.11.176])
    by mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626)
    with SMTP id <[EMAIL PROTECTED]>; Sat, 9 Mar 2002 21:50:01 +0000
From: "Microsoft Corporation Security Center" <[EMAIL PROTECTED]>
To: "Microsoft Customer" <'[EMAIL PROTECTED]'>
Subject: Internet Security Update
Reply-to: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="NextPart_000235"
Message-Id: <[EMAIL PROTECTED]>
Date: Sat, 9 Mar 2002 21:51:00 +0000
X-UIDL: #UF!!8h<!!kV*"!JM3"!
Content-Length: 112380

I'm not sure if I should report this or let it run its course. If anybody wants the attached file, email me.

John Hebert

================================================
BRLUG - The Baton Rouge Linux User Group
Visit http://www.brlug.net for more information.
Send email to [EMAIL PROTECTED] to change your subscription information.
================================================
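
Added example (not part of the original post): a small triage script run over the SMTP Received hops and attachment line shown in the message above, checking the relay path against the sender name the mail claims. The finding codes, the extension list and the function names are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Headers copied from the post above; addresses are redacted in the archive.
RAW_HEADERS = """\
Received: from spf8.us4.outblaze.com (205-158-62-35.outblaze.com [205.158.62.35])
 by ens1.eatel.net (8.12.0/8.12.0) with SMTP id g29Lp7OM019567
 for <[EMAIL PROTECTED]>; Sat, 9 Mar 2002 15:51:08 -0600 (CST)
Received: from mtiwmhc22.worldnet.att.net (mtiwmhc22.worldnet.att.net [204.127.131.47])
 by spf8.us4.outblaze.com (8.11.6/8.11.6/us4-srs) with ESMTP id g29Lp1j19179
 for <[EMAIL PROTECTED]>; Sat, 9 Mar 2002 21:51:02 GMT
Received: from pfuckie ([12.90.11.176])
 by mtiwmhc22.worldnet.att.net (InterMail vM.4.01.03.27 201-229-121-127-20010626)
 with SMTP id <[EMAIL PROTECTED]>; Sat, 9 Mar 2002 21:50:01 +0000
From: "Microsoft Corporation Security Center" <[EMAIL PROTECTED]>
Subject: Internet Security Update

"""
# Attachment as the webmail view listed it: (content type, file name).
ATTACHMENT = ("application/x-msdownload", "q216309.exe")

# "from HELO (rdns [ip])" or "from HELO ([ip])" at the start of a Received value.
HOP_RE = re.compile(r"from\s+(\S+)\s+\(([^\s\[\]]*)\s*\[([\d.]+)\]\)")
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed blocklist
EXEC_TYPES = ("application/x-msdownload",)

def hops(raw):
    """(HELO name, reverse-DNS name, IP) per Received header, oldest hop first."""
    received = message_from_string(raw).get_all("Received", [])
    found = (HOP_RE.search(value) for value in reversed(received))
    return [m.groups() for m in found if m]

def triage(raw, attachment, brand="microsoft"):
    """Return finding codes for a mail whose From line claims to be `brand`."""
    chain = hops(raw)
    findings = []
    claims_brand = brand in (message_from_string(raw)["From"] or "").lower()
    names = " ".join(f"{helo} {rdns}" for helo, rdns, _ in chain).lower()
    if claims_brand and brand + ".com" not in names:
        findings.append("brand-not-in-relay-path")
    if chain and "." not in chain[0][0]:
        findings.append("origin-helo-not-fqdn")  # a desktop client, not a mail server
    ctype, fname = attachment
    if ctype in EXEC_TYPES or fname.lower().endswith(EXEC_EXT):
        findings.append("executable-attachment")
    return findings

if __name__ == "__main__":
    print(hops(RAW_HEADERS)[0], triage(RAW_HEADERS, ATTACHMENT))
```

Only the Received line written by the recipient's own provider (ens1.eatel.net here) is trustworthy by itself; every line below it is supplied by upstream systems and can be forged, so treat the older hops as hints rather than proof.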
