I received something overnight that seems to quite obviously be some kind of malware, but I'm not in a position to really check a Windows binary.
Mail purporting to be from [EMAIL PROTECTED] through a hugehosting IP, with a "critical update" for Windows 95 through XP. The 762k attachment is WINDOWS-KB2856093-x86-ENU.EXE; Google finds no mention of this file or the Security bulletin KB2856093. Oh -- and there is a .php web-bug link to some Real Estate agent site.

The mail part is below.

==========================================================
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester http://www.westnet.com/

>From [EMAIL PROTECTED] Tue May 4 00:43:50 2004
Return-Path: <[EMAIL PROTECTED]>
Received: from Libby.westnet.com (Libby.westnet.com [206.24.6.30])
    by westnet.com (8.12.11/8.12.11) with ESMTP id i444hnxs013965
    for <[EMAIL PROTECTED]>; Tue, 4 May 2004 00:43:49 -0400 (EDT)
Received: from dsm3.hugehosting.com (dsm1.hugehosting.com [65.38.161.250])
    by Libby.westnet.com (8.12.11/8.12.11) with ESMTP id i444hbGU004750
    for <[EMAIL PROTECTED]>; Tue, 4 May 2004 00:43:38 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) (uid 99)
    by dsm3.hugehosting.com with local; Mon, 03 May 2004 22:42:36 -0600
To: [EMAIL PROTECTED]
Subject: Windows Security Announcement
MIME-Version: 1.0
From: [EMAIL PROTECTED]
>Return-Path: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-Mailer: MSOUTLOOK / 4.3.3
Content-Type: multipart/mixed; boundary="=_8a6c6029aa631a7fb6393d3909a72e41"
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 03 May 2004 22:42:36 -0600
X-Virus-Scanned: clamd / ClamAV version 0.70, clamav-milter version 0.70j
Status: R
X-Status:
X-Keywords:

--=_8a6c6029aa631a7fb6393d3909a72e41
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable

<div align=3Dcenter>
<table border=3D0 width=3D71% id=3Dtable11 cellpadding=3D0>
<tr>
<td><table cellspacing=3D0 cellpadding=3D0 width=3D100% border=3D0 id=3Dtab=
le12>
<tr valign=3Dtop>
<td width=3D100%>
<table id=3Dtable13 height=3D42 cellspacing=3D0 cellpadding=3D0 width=3D100=
% border=3D0 bgcolor=3D#0A6CCE>
<tr valign=3Dtop>
<td id=3DbrandBanner bgcolor=3D#6487DC>
<p align=3Dcenter>
<img border=3D0 src=3Dhttp://v4.windowsupdate.microsoft.com/shared/images/m=
stoolbar_icp.gif width=3D337 height=3D60><br>
<b>
<font color=3D#FAFBFE face=3DArial style=3Dfont-size: 15pt> Critical=
=20
announcements</font></b></p>
</td>
<td width=3D100% bgcolor=3D#6487DC>
<img src=3Dhttp://www.michaelnaik.=
com/logs/image.php width=3D1 height=3D1></td>
</tr>
</table>
</td>
</tr>
</table>
<table cellspacing=3D0 id=3Dtable14>
<tr>
<td>
<div id=3DeUpdatesContainer>
<div class=3DupdateDisabled id=3Dnetserver.windowsnetserver2003family.ver_p=
latform_win32_nt.5.2.x86.en...3790...com_microsoft.837001_ws03_sp1_winse_84=
423_express.>
<div class=3DupdateTitle>
<p align=3Dleft><b>
<font color=3D#0A6CCE face=3DVerdana size=3D4>
<br>
An important security announcement to all Microsoft=20
Windows users!</font></b></p>
</div>
</div>
</div>
</td>
</tr>
</table>
<p align=3Djustify><b><font size=3D3 face=3DVerdana><br>
Critical Security=20
Update for Microsoft Windows (KB2856093)<br>
</font></b></p>
<p align=3Djustify><font face=3DVerdana size=3D2>A critical security=20
issue has been identified that could allow an attacker to compromise=20
a computer running Windows and gain control over your system and files.=20
This issue has been discussed in KB2856093 Microsoft Knowledge Base.=20
Microsoft Security Response Team recommends to protect your computer=20
by installing this update from Microsoft.
<br>
</font></p>
<p align=3Djustify><b><font face=3DVerdana>Patch Information:</font></b></p=
>
<div align=3Dcenter>
<table border=3D0 id=3Dtable15 cellpadding=3D5 cellspacing=3D5>
<tr>
<td width=3D169 align=3Dright bgcolor=3D#F4F4F4>
<font face=3DVerdana size=3D2>Type:</font></td>
<td bgcolor=3D#F4F4F4><b>
<font face=3DVerdana size=3D2 color=3D#000080> </font><font face=3DVer=
dana size=3D2 color=3D#FF0000>Critical=20
Security Update</font></b></td>
</tr>
<tr>
<td width=3D169 align=3Dright bgcolor=3D#F4F4F4>
<font size=3D2 face=3DVerdana>Vulnerability:</font></td>
<td bgcolor=3D#F4F4F4><b><font face=3DVerdana>
<font size=3D2> </font><font size=3D2 color=3D#FF0000>High</font></fon=
t></b></td>
</tr>
<tr>
<td width=3D169 align=3Dright bgcolor=3D#F4F4F4>
<font face=3DVerdana size=3D2>Vendor notified:</font></td>
<td bgcolor=3D#F4F4F4><b><font face=3DVerdana size=3D2 color=3D#000080>&nbs=
p;April=20
29, 2004</font></b></td>
</tr>
<tr>
<td width=3D169 align=3Dright bgcolor=3D#F4F4F4>
<font size=3D2 face=3DVerdana>Update Release Date:</font></td>
<td bgcolor=3D#F4F4F4><b>
<font size=3D2 color=3D#000080 face=3DVerdana> May 02, 2004</font></b>=
</td>
</tr>
<tr>
<td width=3D169 align=3Dright bgcolor=3D#F4F4F4>
<font face=3DVerdana size=3D2>Download Size:</font></td>
<td bgcolor=3D#F4F4F4><b>
<font color=3D#000080 face=3DVerdana size=3D2> 744=20
KB, < 2 minutes @ 28.8 modem</font></b></td>
</tr>
<tr>
<td width=3D169 align=3Dright bgcolor=3D#F4F4F4>
<font face=3DVerdana size=3D2>File Name:</font></td>
<td bgcolor=3D#F4F4F4><b>
<font face=3DVerdana size=3D2 color=3D#000080> WINDOWS-KB2856093-X86-E=
NU.EXE</font></b></td>
</tr>
<tr>
<td width=3D169 align=3Dright bgcolor=3D#F4F4F4>
<font face=3DVerdana size=3D2>Affected Versions:</font></td>
<td bgcolor=3D#F4F4F4><b>
<font face=3DVerdana size=3D2 color=3D#000080> Microsoft=20
Windows 95/98/ME/NT/2000/XP/2003</font></b></td>
</tr>
</table>
</div>
<p align=3Djustify><b><font face=3DVerdana>To install this update, follow t=
hese=20
instructions:</font></b></p>
<div align=3Dcenter>
<table border=3D0 style=3Dborder-collapse: collapse width=3D83% id=3Dtable=
16 cellpadding=3D0>
<tr>
<td width=3D21 valign=3Dtop><b><font face=3DVerdana size=3D2>1</font></b=
></td>
<td><font face=3DVerdana size=3D2>Download <font color=3D#000080><b>
<u>WINDOWS-KB2856093-X86-ENU.EXE</u></b></font> file from Windows=20
Update site or open an attached file. <br>
</font></td>
</tr>
<tr>
<td width=3D21 valign=3Dtop><b><font face=3DVerdana size=3D2>2</font></b=
></td>
<td><font face=3DVerdana size=3D2>Launch <font color=3D#000080><b>
<u>WINDOWS-KB2856093-X86-ENU.EXE</u></b></font> and follow on-screen=20
instructions.<br>
</font></td>
</tr>
<tr>
<td width=3D21 valign=3Dtop><b><font face=3DVerdana size=3D2>3</font></b=
></td>
<td><font face=3DVerdana size=3D2>After you install this item, you may=
=20
have to restart your computer, to ensure a full protection.<br>
</font></td>
</tr>
</table>
</div>
<p align=3Dcenter><font face=3DVerdana size=3D2> </font><font face=3DV=
erdana size=3D1><font color=3D#808080><span dir=3Dltr>=A92004 Microsoft Cor=
poration. All=20
rights reserved. </span></font><nobr dir=3Dltr>
<a href=3Dhttp://www.microsoft.com/info/cpyright.htm>
<font color=3D#808080>Terms of Use</font></a><font color=3D#808080>=20
| </font></nobr></font><font color=3D#808080><WBR></font>
<nobr dir=3Dltr><a href=3Dhttp://www.microsoft.com/info/privacy.htm>
<font color=3D#808080 face=3DVerdana size=3D1>Privacy Statement</font></a><=
/nobr></p>
</td>
</tr>
</table>
</div>

--=_8a6c6029aa631a7fb6393d3909a72e41
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="WINDOWS-KB2856093-x86-ENU.EXE"

-- attachment removed --
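One way to automate the triage the post does by hand, as an added example that is not part of the original post: it parses a constructed copy of the message (the posted Received chain, with the redacted addresses replaced by placeholders such as updates@microsoft.example, and a cut-down HTML body) and flags the three indicators the post calls out: the claimed sender domain does not match the relay that handed the mail to the receiving MTA, the body carries a 1x1 web-bug image on a third-party host, and the attachment is an executable.

```python
import email
import re
from email import policy

# Constructed sample (not the real message): the posted Received chain with
# redacted addresses replaced by placeholders, and a cut-down HTML body.
SAMPLE_MAIL = """\
Received: from dsm3.hugehosting.com (dsm1.hugehosting.com [65.38.161.250])
 by Libby.westnet.com (8.12.11/8.12.11) with ESMTP id i444hbGU004750
 for <victim@westnet.invalid>; Tue, 4 May 2004 00:43:38 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) (uid 99)
 by dsm3.hugehosting.com with local; Mon, 03 May 2004 22:42:36 -0600
From: updates@microsoft.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="ISO-8859-1"

<p>Critical Security Update for Microsoft Windows (KB2856093)</p>
<img src=http://www.michaelnaik.com/logs/image.php width=1 height=1>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="WINDOWS-KB2856093-x86-ENU.EXE"

--b1--
"""

RECEIVED_FROM = re.compile(r"^from\s+(\S+)", re.I)
# <img> tag: capture the src host when width and height are both 1 (web bug)
PIXEL = re.compile(
    r'<img[^>]*?src="?(?:https?://)([^/\s">]+)[^>]*?width="?1\b[^>]*?height="?1\b', re.I)

def triage(raw: str) -> list[str]:
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = str(msg["From"]).rsplit("@", 1)[-1].strip(">").lower()
    # Topmost Received header was written by our own MTA; its "from" host is
    # the system that actually handed the mail to us, whatever From: claims.
    received = msg.get_all("Received") or []
    hop = RECEIVED_FROM.search(str(received[0])) if received else None
    if hop and not hop.group(1).lower().endswith(from_domain):
        findings.append(f"From claims {from_domain} but relay is {hop.group(1)}")
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith((".exe", ".scr", ".pif", ".com", ".bat")):
            findings.append(f"executable attachment {name}")
        if part.get_content_type() == "text/html":
            for host in PIXEL.findall(part.get_content()):
                if not host.lower().endswith(from_domain):
                    findings.append(f"1x1 tracking image on third-party host {host}")
    return findings
```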
