Full Disclosure mailing list archives

New MS Patch - Any Idea What This Is

From: "Anthony Aykut" <anthony.aykut () frame4 com>
Date: Tue, 14 Oct 2003 22:41:48 +0200

Hi,

Anyone come across this one?? I have *just* received this - yet another
email claiming to be from MS (showing initially as being from
mbsyaojmmlds_tptnjv () confidence msdn com), titled 'New Patch'. Same nice HTML
page, with message body...

Microsoft User

this is the latest version of security update, the "October 2003, Cumulative
Patch" update which eliminates all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to
continue keeping your computer secure from these vulnerabilities, the most
serious of which could allow an attacker to run code on your computer. This
update includes the functionality of all previously released patches.

...with an attachment 'UPDATE.exe', 69Bytes. My Norton AV, with virus
patterns dated 8th October doesn't give ANY warnings whatsoever, nothing
gets quarantined though the attachment gets saved as 0 bytes - so some
checking/stripping takes place.

Message headers...

Return-Path: <bterrel86 () charter net>
Delivered-To: anthony.aykut@5
Received: (qmail 28201 invoked by uid 457); 14 Oct 2003 20:02:36 -0000
Delivered-To: frame4.com-webmaster () frame4 com
Received: (qmail 28196 invoked from network); 14 Oct 2003 20:02:36 -0000
Received: from unknown (HELO remt25.cluster1.charter.net) (209.225.8.35)
  by hosting-132-36.phpwebhosting.com with SMTP; 14 Oct 2003 20:02:36 -0000
Received: from [68.112.20.189] (HELO ysjug)
  by remt25.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6)
  with SMTP id 26689859; Tue, 14 Oct 2003 16:02:03 -0400
FROM: "Microsoft" <mbsyaojmmlds_tptnjv () confidence msdn com>
TO: "User" <kqmr () confidence msdn com>
SUBJECT: New Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="zcwyruuzitrbo"
Date: Tue, 14 Oct 2003 16:02:04 -0400
Message-ID: <auto-000026689859 () remt25 cluster1 charter net>

Regards,

Anthony Aykut
Frame4 Security Systems
Your Partner in IT Security
http://www.frame4.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Re: Any news on www.kievonline.org site?, (continued)
- - - Re: Re: Any news on www.kievonline.org site? Nick FitzGerald (Oct 14)
- Re: Any news on www.kievonline.org site? William D. Colburn (aka Schlake) (Oct 14)
  - Re: Any news on www.kievonline.org site? John Sage (Oct 14)
    - RE: Any news on www.kievonline.org site? Steve Wray (Oct 14)
- Re: Any news on www.kievonline.org site? Dan Brosemer (Oct 14)
- Re: Any news on www.kievonline.org site? Denis Dimick (Oct 14)
- RE: Any news on www.kievonline.org site? John . Airey (Oct 14)
  - RE: Any news on www.kievonline.org site? Jonathan A. Zdziarski (Oct 14)
  - Re: Any news on www.kievonline.org site? gregh (Oct 14)
- RE: Any news on www.kievonline.org site? Mark Challender (Oct 14)
  - New MS Patch - Any Idea What This Is Anthony Aykut (Oct 14)
    - Re: New MS Patch - Any Idea What This Is Joshua Levitsky (Oct 14)
- Any news on www.kievonline.org site? Anonymous (Oct 14)
- RE: Any news on www.kievonline.org site? John . Airey (Oct 15)
  - Re: Any news on www.kievonline.org site? Bones (Oct 15)
    - Re: Any news on www.kievonline.org site? Jonathan A. Zdziarski (Oct 15)
    - Re: Any news on www.kievonline.org site? Maxime Ducharme (Oct 15)
- Re: Any news on www.kievonline.org site? Sean Earp (Oct 15)