Full Disclosure mailing list archives
Another noxious M$ trojan
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Wed, 19 Nov 2003 18:22:12 -0800
Hello all:

Heads up - I received this in my mailbox this afternoon (Wednesday PST).

Headers:

From qwm () dns njuct edu cn Wed Nov 19 16:51:17 2003
Received: from dns.njuct.edu.cn (dns.njuct.edu.cn [202.119.248.66])
    by netpublishing.com (8.12.9p1/8.11.3) with ESMTP id hAK0pD8R098529
    for <ggilliss () netpublishing com>; Wed, 19 Nov 2003 16:51:14 -0800 (PST)
    (envelope-from qwm () dns njuct edu cn)
Received: from zevvf ([202.119.246.91]) by dns.njuct.edu.cn
    (Post.Office MTA v3.5.3 release 223 ID# 0-12345L500S10000V35)
    with SMTP id cn; Tue, 18 Nov 2003 20:47:26 +0800
FROM: "Microsoft Corporation Network Security Center" <fwjgjwa_ywbwi@lb.redirect .msnbc.com>
TO: "MS Corporation User" <fxlq-jwrroi () lb redirect msnbc com>
SUBJECT: New Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="xqciegkfiiol"
Date: Tue, 18 Nov 2003 20:47:26 +0800

Partial text:

MS User

this is the latest version of security update, the "November 2004, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to continue keeping your computer secure from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your computer. This update includes the functionality of all previously released patches.

Attachment:

update1991.exe [applica/x-msdownlo, base64, 140K]

Since I run UNIX, I cannot run this through a windows virus scanner. I did check Symantec and there's no listing for update1991.exe.

Anyone wants the noxious binary, email me off list and I will post it somewhere publicly accessible.

G

--
Gregory A. Gilliss, CISSP
E-mail: greg () gilliss com
Computer Security
WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html