Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [SPAM] Fw: Newest Internet Security Patch

From: "class 101" <class101 () hat-squad com>
Date: Fri, 11 Mar 2005 23:02:48 +0100
yep looks like a virus , I thought it was someone phreaking :) thx for the
infos .


-------------------------------------------------------------
class101
Jr. Researcher
Hat-Squad.com
-------------------------------------------------------------
----- Original Message -----
From: "Florian Bauhaus" <florian.bauhaus () innovalan de>
To: "class 101" <class101 () hat-squad com>
Sent: Friday, March 11, 2005 10:48 PM
Subject: Re: [Full-disclosure] [SPAM] Fw: Newest Internet Security Patch


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am not sure what attachment you removed, but thats what my mailserver
says to your email:
X-Virus-Status: Yes
X-Virus-Report: Worm.Gibe.F FOUND
X-Virus-Checker-Version: clamassassin 1.2.0 with ClamAV 0.83/761/Thu Mar
10 22:01:48 2005 signatures 30.761


Best regards,
Florian B.

class 101 wrote:
| This might be helpful to spot out this fake microsoft mail telling you
to download the attachement.
| It does several times that Im receiving it and I guess many users
trusts it's from ms but it is not.
| (attachement removed from this mail), looks like the sender is a
wanadoo.fr host.
|
| Details:
|
| Return-path: <mariam.ouakrim () wanadoo fr>
| Envelope-to: class101 () hat-squad com
| Delivery-date: Fri, 11 Mar 2005 16:19:13 +0330
| Received: from hatsquad by 1n6-235.servernode.net with local-bsmtp
(Exim 4.43)
|  id 1D9jZj-00087c-J1
|  for class101 () hat-squad com; Fri, 11 Mar 2005 16:19:12 +0330
| Received: from [193.252.22.30] (helo=smtp1.wanadoo.fr)
|  by 1n6-235.servernode.net with esmtp (Exim 4.43)
|  id 1D9jZh-00087R-Hr
|  for class101 () hat-squad com; Fri, 11 Mar 2005 16:19:06 +0330
| Received: from me-wanadoo.net (mail.rararchiver.com [127.0.0.1])
|  by mwinf0102.wanadoo.fr (SMTP Server) with ESMTP id 632201FF9854
|  for <class101 () hat-squad com>; Fri, 11 Mar 2005 13:49:04 +0100 (CET)
| Received: from zrrufx (Mix-Toulouse-215-4-209.w80-9.abo.wanadoo.fr
[80.9.79.209])
|  by mwinf0102.wanadoo.fr (SMTP Server) with SMTP id 2B0671FFFD4E;
|  Fri, 11 Mar 2005 13:48:32 +0100 (CET)
| X-ME-UUID: 20050311124833176.2B0671FFFD4E () mwinf0102 wanadoo fr
| From: "Security Division" <kivxqjorfokxo () news com>
| To: "Commercial Client" <zcwdqsw_lbsonueur () news com>
| SUBJECT: Newest Internet Security Patch
| Mime-Version: 1.0
| Content-Type: multipart/mixed; boundary="szfutswuhncenm"
| Message-Id: <20050311124832.2B0671FFFD4E () mwinf0102 wanadoo fr>
| Date: Fri, 11 Mar 2005 13:48:32 +0100 (CET)
|
|
| -------------------------------------------------------------
| class101
| Jr. Researcher
| Hat-Squad.com
| -------------------------------------------------------------
| ----- Original Message -----
| From: Security Division
| To: Commercial Client
| Sent: Friday, March 11, 2005 1:48 PM
| Subject: Newest Internet Security Patch
|
|
|         Microsoft    All Products |  Support |  Search |
Microsoft.com Guide
|       Microsoft Home
|
|
|       Microsoft Client
|
|       this is the latest version of security update, the "March 2005,
Cumulative Patch" update which eliminates all known security
vulnerabilities affecting MS Internet Explorer, MS Outlook and MS
Outlook Express as well as three newly discovered vulnerabilities.
Install now to help maintain the security of your computer from these
vulnerabilities, the most serious of which could allow an malicious user
to run code on your system. This update includes the functionality of
all previously released patches.
|
|
|        System requirements  Windows 95/98/Me/2000/NT/XP
|        This update applies to  MS Internet Explorer, version 4.01 and
later
|       MS Outlook, version 8.00 and later
|       MS Outlook Express, version 4.01 and later
|        Recommendation Customers should install the patch at the
earliest opportunity.
|        How to install Run attached file. Choose Yes on displayed
dialog box.
|        How to use You don't need to do anything after installing this
item.
|
|       Microsoft Product Support Services and Knowledge Base articles
can be found on the Microsoft Technical Support web site. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site, or Contact Us.
|
|       Thank you for using Microsoft products.
|
|       Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond to any replies.
|
| --------------------------------------------------------------------------
|       The names of the actual companies and products mentioned herein
are the trademarks of their respective owners.
|
|      Contact Us  |  Legal  |  TRUSTe
|      ©2005 Microsoft Corporation. All rights reserved. Terms of Use  |
  Privacy Statement |  Accessibility
|
|
|
|
| ------------------------------------------------------------------------
|
| _______________________________________________
| Full-Disclosure - We believe in it.
| Charter: http://lists.grok.org.uk/full-disclosure-charter.html
| Hosted and sponsored by Secunia - http://www.secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCMhIYqxycD0HJH7IRAp5NAKDQQdfER1gQ9bQ8VkfrAwTSKUhc9ACdF7fx
oD4ttTRYwTuCUYh/GUJcJdg=
=KAn6
-----END PGP SIGNATURE-----




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: