Security Incidents mailing list archives
Re: New virus disguised as Microsoft patch?
From: "Duston Sickler" <dustons () charter net>
Date: Sat, 20 Sep 2003 23:10:30 -0500
I too have been receiving some of these emails from as far away as France. The virus is w32.swen.a@mm (Symantec). It comes via email in two forms. 1. The very polished Microsoft email. (Complete with working links) 2. A fake message undeliverable response. This particular virus also spreads via p2p networks, open shares, and IRC. It could have been far more malicious in it's activity but whoever wrote it put a lot of time into it. It will even keep infected users from editing the registry to remove the start commands. This definitely wasn't someone's first attempt. Read more at your leisure here: http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a () mm html Duston Sickler CompTIA A+ Certified "Cedo nulli." ----- Original Message ----- From: "David Gillett" <gillettdavid () fhda edu> To: <incidents () securityfocus com> Sent: Friday, September 19, 2003 12:22 PM Subject: New virus disguised as Microsoft patch?
No, this isn't the crude "500,000 already infected!" garbage. This is an extremely polished and convincing looking html email which claims to be a "September 2003, Cumulative Patch" and includes an attached "patch8678.exe". I've got four of these overnight, from broadband users as far away from Microsoft as Greece. Each is followed by an odd little NDR, presumably reporting failed delivery of a delivery confirmation message. David Gillett --------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- New virus disguised as Microsoft patch? David Gillett (Sep 20)
- Re: New virus disguised as Microsoft patch? Alex Lambert (Sep 20)
- Re: New virus disguised as Microsoft patch? Kevin N. Carpenter (Sep 20)
- Re: New virus disguised as Microsoft patch? Meritt James (Sep 22)
- Re: New virus disguised as Microsoft patch? Duston Sickler (Sep 20)
- RE: New virus disguised as Microsoft patch? Larry Seltzer (Sep 22)