Security Incidents mailing list archives

New virus disguised as Microsoft patch?

From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 19 Sep 2003 10:22:13 -0700

  No, this isn't the crude "500,000 already infected!"
garbage.  This is an extremely polished and convincing 
looking html email which claims to be a "September 2003, 
Cumulative Patch" and includes an attached "patch8678.exe".

  I've got four of these overnight, from broadband users
as far away from Microsoft as Greece.  Each is followed by 
an odd little NDR, presumably reporting failed delivery of
a delivery confirmation message.

David Gillett



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

New virus disguised as Microsoft patch? David Gillett (Sep 20)
- Re: New virus disguised as Microsoft patch? Alex Lambert (Sep 20)
- Re: New virus disguised as Microsoft patch? Kevin N. Carpenter (Sep 20)
  - Re: New virus disguised as Microsoft patch? Meritt James (Sep 22)
- Re: New virus disguised as Microsoft patch? Duston Sickler (Sep 20)
  - RE: New virus disguised as Microsoft patch? Larry Seltzer (Sep 22)