Re: Fwd: Internet Security Update

["Gregory Le Bras | Security Corporation" <gregory.lebras () security-corporation com>]

> Folks,
>
> I don't think this is a real Microsoft security announcement
> (they wouldn't be likely to be sent via an unknown IP address over in
> the space owned by hiwaay.net), but it does appear to be the result
> of a hoax, a virus, or a Trojan Horse that I have not yet heard of.
>
> I've done various searches via Google and on the web sites of the
> anti-virus vendors, and haven't turned up anything on this issue.
> Have I missed something?

I also received an e-mail of the same type some days ago...

The attached file was named : update8.exe (155 468 bytes)

We can see in this file and in your file the following message : "Coded
...by Begbie, Slovakia"

I've also done various searches via Google and Symantec.com, and haven't
found anything....This is a new trojan, virus or other ?

I'll try to analyse the attached file.

Here the e-mail :

Return-Path: <alexis.c () attbi com>
Delivered-To: gregory.lebras () security-corp org
Received: (qmail 22973 invoked by uid 503); 7 Apr 2003 21:38:43 -0000
Received: from unknown (HELO rwcrmhc51.attbi.com) (204.127.198.38)
  by ns3518.ovh.net with SMTP; 7 Apr 2003 21:38:43 -0000
Date: Mon, 7 Apr 2003 21:38:34 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from nbljlas (12-252-188-53.client.attbi.com[12.252.188.53])
          by rwcrmhc51.attbi.com (rwcrmhc51) with SMTP
          id <2003040721382305100lu7bte>; Mon, 7 Apr 2003 21:38:31 +0000
FROM: "Microsoft Security Section" <oihcdygjr_146294 () HRopWouWTm com>
TO: "Microsoft Partner"
SUBJECT: New Internet Security Pack
X-Virus-Scanned: AVG
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="IGHvGmOLeSCacrkqAXyF"

--IGHvGmOLeSCacrkqAXyF
Content-Type: multipart/alternative; boundary="ZwqFxVeUubmrSH"

--ZwqFxVeUubmrSH
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Microsoft Partner

this is the latest version of security update, the
"April 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.

System requirements:
Win 9x/Me/2000/NT/XP

This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later

Recommendation:
Customers should install the patch at the earliest opportunity.

How to install:
Run attached file. Click Yes on displayed dialog box.

How to use:
You don't need to do anything after installing this item.

Microsoft Technical Support is available at
http://support.microsoft.com/

For security-related information about Microsoft products,
please visit the Microsoft Security Advisor web site at
http://www.microsoft.com/security

Contact us at
http://www.microsoft.com/isapi/goregwiz.asp?target=3D/contactus/=
contactus.asp


Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

Thank you for using Microsoft products.

With friendly greetings,
Microsoft Security Section
________________________________________
=A92003 Microsoft Corporation. All rights reserved. The names of =
the actual companies
and products mentioned herein =
may be the trademarks of their respective owners.


---
Outgoing mail is certified Virus Free.
Checked by Symantec anti-virus system (http://www.symantec.com).
Release Date: 18.3.2003

--ZwqFxVeUubmrSH
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<BASEFONT SIZE=3D"2"><BR>
Microsoft Partner
<BR><BR>
this is the latest version of security update, the<BR>
"April 2003, Cumulative Patch" update which eliminates<BR>
all known security vulnerabilities affecting Internet Explorer,<BR>
Outlook and Outlook Express as well as five newly<BR>
discovered vulnerabilities. Install now to protect your computer<BR>
from these vulnerabilities, the most serious of which could allow<BR>
an attacker to run executable on your system. This update includes<BR>
the functionality of all previously released patches.<BR><BR>

<TABLE BORDER=3D"3" CELLPADDING=3D"3" BGCOLOR=3D"#80CBF6">
<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">System requirements</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"2">Win 9x/Me/2000/NT/XP</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">This update applies to</FONT></TD>
<TD NOWRAP>
<FONT SIZE=3D"2">
Microsoft Internet Explorer, version 4.01 and later<BR>
Microsoft Outlook, version 8.00 and later<BR>
Microsoft Outlook Express, version 4.01 and later
</FONT>
</TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">Recommendation</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"2">Customers should install the patch =
at the earliest opportunity.</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">How to install</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"2">Run attached file. =
Click Yes on displayed dialog box.</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">How to use</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"2">You don't need to do =
anything after installing this item.</FONT></TD>
</TR>
</TABLE>
<BR>

Microsoft Product Support Services and Knowledge Base articles<BR>
can be found on the <A HREF=3D"http://support.microsoft.com/";>=
Microsoft Technical Support</A> web site.<BR>
For security-related information about Microsoft products, please<BR>
visit the <A HREF=3D"http://www.microsoft.com/security";>
Microsoft Security Advisor</A> web site, =
or <A HREF=3D"http://www.microsoft.com/isapi/goregwiz.asp?=
target=3D/contactus/contactus.asp">Contact us.</A><BR><BR>

Please do not reply to this message. It was sent from an unmonitored<BR>
e-mail address and we are unable to respond to any replies.
<BR><BR>
Thank you for using Microsoft products.
<BR><BR>
With friendly greetings,
<BR>
Microsoft Security Section<BR>
<HR COLOR=3D"Blue" SIZE=3D"2" WIDTH=3D"400" ALIGN=3D"left">
<FONT COLOR=3D"Gray">=A92003 Microsoft Corporation. All =
rights reserved. The names of the actual companies<BR>
and products mentioned herein may be the trademarks of =
their respective owners.</FONT>

<BR><BR>---
<BR>Outgoing mail is certified Virus Free.
<BR>Checked by Symantec anti-virus system (http://www.symantec.com).
<BR>Release Date: 18.3.2003

</BODY></HTML>


Regards,

-------
Gregory LEBRAS
Chief Executive Officer
Security Corporation

www.security-corporation.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html