Re: Another noxious M$ trojan

[Bart.Lansing () kohls com]

Right off the bat I am going to be leary of any email supposedly from a
major vendor that can't get the year right.

Bart Lansing
Manager, NeSST
Kohl's IT


full-disclosure-admin () lists netsys com wrote on 11/20/2003 01:01:19 PM:

> Hello,
>
> Wondering if anyone on this list downloaded this virus?  If so, may
> I have a copy?  THANKS
>
> Sam
>
> "Gregory A. Gilliss" <ggilliss () netpublishing com> wrote:
> Hello all:
>
> Heads up - I received this in my mailbox this afternoon (Wednesday PST).
>
> Headers:
>
> From qwm () dns njuct edu cn Wed Nov 19 16:51:17 2003
> Received: from dns.njuct.edu.cn (dns.njuct.edu.cn [202.119.248.66])
> by netpublishing.com (8.12.9p1/8.11.3) with ESMTP id hAK0pD8R098529
> for ; Wed, 19 Nov 2003 16:51:14 -0800 (PST)
> (envelope-from qwm () dns njuct edu cn)
> Received: from zevvf ([202.119.246.91]) by dns.njuct.edu.cn
> (Post.Office MTA v3.5.3 release 223 ID# 0-12345L500S10000V35)
> with SMTP id cn; Tue, 18 Nov 2003 20:47:26 +0800
> FROM: "Microsoft Corporation Network Security Center" .msnbc.com>
> TO: "MS Corporation User"
> SUBJECT: New Upgrade
> Mime-Version: 1.0
> Content-Type: multipart/mixed; boundary="xqciegkfiiol"
> Date: Tue, 1! 8 Nov 2003 20:47:26 +0800
>
> Partial text:
>
> MS User
>
> this is the latest version of security update, the
> "November 2004, Cumulative Patch" update which fixes
> all known security vulnerabilities affecting
> MS Internet Explorer, MS Outlook and MS Outlook Express.
> Install now to continue keeping your computer secure
> from these vulnerabilities, the most serious of which could
> allow an malicious user to run executable on your computer.
> This update includes the functionality of all previously released
patches.
> Attachment:
>
> update1991.exe [applica/x-msdownlo, base64, 140K]
>
> Since I run UNIX, I cannot run this through a windows virus scanner.
> I did check Symantec and there's no listing for update1991.exe. Anyone
> wants the noxious binary, email me off list and I will post it somewhere
> publicly accessible.
>
> G
>
> --
> Gregory A. Gilliss, CISSP E-mail: greg () gilliss com
> Computer Security WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4
> 14 0E 8C A3
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> Do you Yahoo!?
> Free Pop-Up Blocker - Get it now


CONFIDENTIALITY NOTICE: 
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is 
expressly prohibited.
If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000.

CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message 
created, sent and received.  Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time
without any further consent.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html