Full Disclosure mailing list archives
Re: Fwd: Internet Security Update
From: "Gregory Le Bras | Security Corporation" <gregory.lebras () security-corporation com>
Date: Tue, 8 Apr 2003 21:38:21 +0200
Folks, I don't think this is a real Microsoft security announcement (they wouldn't be likely to be sent via an unknown IP address over in the space owned by hiwaay.net), but it does appear to be the result of a hoax, a virus, or a Trojan Horse that I have not yet heard of. I've done various searches via Google and on the web sites of the anti-virus vendors, and haven't turned up anything on this issue. Have I missed something?
I also received an e-mail of the same type some days ago... The attached file was named : update8.exe (155 468 bytes) We can see in this file and in your file the following message : "Coded ...by Begbie, Slovakia" I've also done various searches via Google and Symantec.com, and haven't found anything....This is a new trojan, virus or other ? I'll try to analyse the attached file. Here the e-mail : Return-Path: <alexis.c () attbi com> Delivered-To: gregory.lebras () security-corp org Received: (qmail 22973 invoked by uid 503); 7 Apr 2003 21:38:43 -0000 Received: from unknown (HELO rwcrmhc51.attbi.com) (204.127.198.38) by ns3518.ovh.net with SMTP; 7 Apr 2003 21:38:43 -0000 Date: Mon, 7 Apr 2003 21:38:34 +0000 (GMT) X-Comment: Sending client does not conform to RFC822 minimum requirements X-Comment: Date has been added by Maillennium. Received: from nbljlas (12-252-188-53.client.attbi.com[12.252.188.53]) by rwcrmhc51.attbi.com (rwcrmhc51) with SMTP id <2003040721382305100lu7bte>; Mon, 7 Apr 2003 21:38:31 +0000 FROM: "Microsoft Security Section" <oihcdygjr_146294 () HRopWouWTm com> TO: "Microsoft Partner" SUBJECT: New Internet Security Pack X-Virus-Scanned: AVG Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="IGHvGmOLeSCacrkqAXyF" --IGHvGmOLeSCacrkqAXyF Content-Type: multipart/alternative; boundary="ZwqFxVeUubmrSH" --ZwqFxVeUubmrSH Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Microsoft Partner this is the latest version of security update, the "April 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer, Outlook and Outlook Express as well as five newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches. System requirements: Win 9x/Me/2000/NT/XP This update applies to: Microsoft Internet Explorer, version 4.01 and later Microsoft Outlook, version 8.00 and later Microsoft Outlook Express, version 4.01 and later Recommendation: Customers should install the patch at the earliest opportunity. How to install: Run attached file. Click Yes on displayed dialog box. How to use: You don't need to do anything after installing this item. Microsoft Technical Support is available at http://support.microsoft.com/ For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security Contact us at http://www.microsoft.com/isapi/goregwiz.asp?target=3D/contactus/= contactus.asp Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies. Thank you for using Microsoft products. With friendly greetings, Microsoft Security Section ________________________________________ =A92003 Microsoft Corporation. All rights reserved. The names of = the actual companies and products mentioned herein = may be the trademarks of their respective owners. --- Outgoing mail is certified Virus Free. Checked by Symantec anti-virus system (http://www.symantec.com). Release Date: 18.3.2003 --ZwqFxVeUubmrSH Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <HTML><HEAD></HEAD><BODY> <BASEFONT SIZE=3D"2"><BR> Microsoft Partner <BR><BR> this is the latest version of security update, the<BR> "April 2003, Cumulative Patch" update which eliminates<BR> all known security vulnerabilities affecting Internet Explorer,<BR> Outlook and Outlook Express as well as five newly<BR> discovered vulnerabilities. Install now to protect your computer<BR> from these vulnerabilities, the most serious of which could allow<BR> an attacker to run executable on your system. This update includes<BR> the functionality of all previously released patches.<BR><BR> <TABLE BORDER=3D"3" CELLPADDING=3D"3" BGCOLOR=3D"#80CBF6"> <TR VALIGN=3D"TOP"> <TD NOWRAP><FONT SIZE=3D"2">System requirements</FONT></TD> <TD NOWRAP><FONT SIZE=3D"2">Win 9x/Me/2000/NT/XP</FONT></TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><FONT SIZE=3D"2">This update applies to</FONT></TD> <TD NOWRAP> <FONT SIZE=3D"2"> Microsoft Internet Explorer, version 4.01 and later<BR> Microsoft Outlook, version 8.00 and later<BR> Microsoft Outlook Express, version 4.01 and later </FONT> </TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><FONT SIZE=3D"2">Recommendation</FONT></TD> <TD NOWRAP><FONT SIZE=3D"2">Customers should install the patch = at the earliest opportunity.</FONT></TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><FONT SIZE=3D"2">How to install</FONT></TD> <TD NOWRAP><FONT SIZE=3D"2">Run attached file. = Click Yes on displayed dialog box.</FONT></TD> </TR> <TR VALIGN=3D"TOP"> <TD NOWRAP><FONT SIZE=3D"2">How to use</FONT></TD> <TD NOWRAP><FONT SIZE=3D"2">You don't need to do = anything after installing this item.</FONT></TD> </TR> </TABLE> <BR> Microsoft Product Support Services and Knowledge Base articles<BR> can be found on the <A HREF=3D"http://support.microsoft.com/">= Microsoft Technical Support</A> web site.<BR> For security-related information about Microsoft products, please<BR> visit the <A HREF=3D"http://www.microsoft.com/security"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/isapi/goregwiz.asp?= target=3D/contactus/contactus.asp">Contact us.</A><BR><BR> Please do not reply to this message. It was sent from an unmonitored<BR> e-mail address and we are unable to respond to any replies. <BR><BR> Thank you for using Microsoft products. <BR><BR> With friendly greetings, <BR> Microsoft Security Section<BR> <HR COLOR=3D"Blue" SIZE=3D"2" WIDTH=3D"400" ALIGN=3D"left"> <FONT COLOR=3D"Gray">=A92003 Microsoft Corporation. All = rights reserved. The names of the actual companies<BR> and products mentioned herein may be the trademarks of = their respective owners.</FONT> <BR><BR>--- <BR>Outgoing mail is certified Virus Free. <BR>Checked by Symantec anti-virus system (http://www.symantec.com). <BR>Release Date: 18.3.2003 </BODY></HTML> Regards, ------- Gregory LEBRAS Chief Executive Officer Security Corporation www.security-corporation.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fwd: Internet Security Update Brad Knowles (Apr 08)
- Re: Fwd: Internet Security Update Joe Stewart (Apr 08)
- Re: Fwd: Internet Security Update Ward Vandewege (Apr 08)
- RE: Fwd: Internet Security Update digitz (Apr 08)
- Re: Fwd: Internet Security Update KF (Apr 08)
- Re: Fwd: Internet Security Update Gregory Le Bras | Security Corporation (Apr 08)
- Re: Fwd: Internet Security Update Ron DuFresne (Apr 08)
- Re: Fwd: Internet Security Update Brad Knowles (Apr 08)
- Re: Fwd: Internet Security Update Ron DuFresne (Apr 08)
- Re: Fwd: Internet Security Update Nicob (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Nicolas Villatte (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Brad Knowles (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Nick FitzGerald (Apr 08)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Brad Knowles (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Michael Osten (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Ron DuFresne (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Ward Vandewege (Apr 09)
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET SECURITY UPDATE Brad Knowles (Apr 08)