# Micro Soft Virus Warning



## KenpoGirl (Sep 19, 2003)

Seems there is a new email virus out there.  
It come in the guise of a email from Microsoft, seems they are sending a updated service pack by email, but the attachment crashes the machine.

don't open anything with ms service pack or MS update that comes to you via email

I received 3 just this morning.

Dot


----------



## Bob Hubbard (Sep 19, 2003)

Micro$oft doesn't send service packs by email.  Never have, Never will.

Use the Windows Update feature to update your PC.

Make certain your antivirus is upto date.  (Check it don't depend on it...better yet, force it to update.)

Clean out all the spyware from your system

And make sure you're running a firewall like ZoneAlarm.


Oh, and don't click on attachments from strangers...and double check on the ones from friends too as some viruses masqurade as your buddies.


Be smart, be safe, and above all..... THINK!


----------



## KenpoMatt (Sep 19, 2003)

> *"...knowing is half the battle."*
> _Duke, from G.I. Joe_



Did you know... 

1) Change the settings on your mail client (such a MS Outlook) so that you are not "previewing" mail in the preview pane. It is possible to open & execute a virus or worm attachment without double clicking the email.

2) We all know that executable programs carry the _.exe_ extension in Windows. Double click an _exe_ file and it will run. Well, most people are not aware that Windows also supports executables with a _.com_ extension. 

Most viruses cannot execute unless triggered (double clicked) by a user. Some virus writers have taken to writing nasty programs with _.com_ extensions instead of the more common _.exe_ extension. They email it out in the hopes that someone will see the _.com_ extension and assume it is a web site, not an executable program. 

There is a simple way to avoid opening one of these type of viruses. Web links only require you to click them once. Executables require you to double click them. Don't ever double click an email attachment with a _.com_ extension.


----------



## Bob Hubbard (Sep 19, 2003)

Here is the text of the email containing the virus.  Please notice the parts I bolded.  Also the virus warning at the bottom is from my email scanner.

===
Envelope-to: webmaster@martialtalk.com 
*FROM: "Microsoft Corporation Public Services" <apjnjclpwlklqk@news.net> 
TO: "Commercial Consumer" <eoezm-ljjohki@news.net> 
SUBJECT: Net Pack *
Date: Fri, 19 Sep 2003 18:39:25 -0700 
X-Spam-Status: No, hits=1.5 required=5.0 
        tests=MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET, 
              RCVD_IN_OSIRUSOFT_COM 
        version=2.55 
X-Spam-Level: * 
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) 

Microsoft    All Products |  Support |  Search |  Microsoft.com Guide   
Microsoft Home    


Microsoft Consumer

this is the latest version of security update, the "September 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches.  


 System requirements  Windows 95/98/Me/2000/NT/XP 
 This update applies to  MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later  
 Recommendation Customers should install the patch at the earliest opportunity. 
 How to install Run attached file. Choose Yes on displayed dialog box. 
 How to use You don't need to do anything after installing this item. 

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us. 

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.  

 Contact Us  |  Legal  |  TRUSTe  
 ©2003 Microsoft Corporation. All rights reserved. Terms of Use  |  Privacy Statement |  Accessibility  



Viruses found in the attached files.
The attached file qpl.zl9 is infected by I-Worm/Swen.A. The attachment was moved to the virus vault.


----------



## Kgirl (Sep 19, 2003)

Oh great, not another one! What does this one do? I remember the trouble I had with people calling me to fix their PC's after the Blaster worm hit.

Microsoft Update is meant to help fix this sort of vunerablity. I don't trust it somehow.


----------



## Michael Billings (Sep 19, 2003)

I finished this post and there it was.  You have to wonder about any kind of attachment named "deletedo.txt" - that is the actual name of the attachment I just received.

-MB


----------



## jfarnsworth (Sep 20, 2003)

I hope that our government starts to put these people in prison!   This is just absolute B.S.!!!! I'm having problems with my computer at work shutting off on me. We have ran the corporate worm and virus detection so far it has worked but now it'll just shut off whenever. This is just one of my peeves.


----------



## pknox (Sep 20, 2003)

I've been getting them for the last few days, and have been deleting them, as I didn't think they were authentic.  Am I already screwed because I viewed them (I had the preview pane on in Outlook up til now), or am I OK as long as I didn't download and execute the attachment with it?

Michael --

My attachment was an .exe, so they may have various versions out there -- I don't remember the name, but it was somewhat official sounding.

These people are nasty, and evidently getting smarter everyday.


----------



## Bob Hubbard (Sep 20, 2003)

Theoretically, you should be ok, however there are virus' that execute on reciept. 

Anyone on the internet and not running a reliable and regularly maintained anti virus program in my opinion is an idiot, and needs a serious whoopin. 


Do a scan of your system just to be certain.  If your AVS is up to speed, and it didn't toss up a warning, you should 'theoretically' be ok.

:asian:


----------



## Michael Billings (Sep 20, 2003)

Deleted as usual, but now they are on my webmail as well as my IPO mail.

-MB


----------



## cali_tkdbruin (Sep 20, 2003)

Those S__theads sent me one of those fake MS emails with the virus too. I was wise enough not to open it, but to delete it ASAP. And yes, we definitely do need to put the scumbags responsible for this virus in prison for a long time...


----------



## jfarnsworth (Sep 20, 2003)

Where is everyone getting these e-mails from? I don't believe that I have seen one yet in my yahoo mail. Is it only microsoft outlook 'cause the last time I opened it after months there was like 300 new e-mail there. Never open anything just delete it out from there. I'm just curious at where these things are at to be aware of.:asian:


----------



## Bob Hubbard (Sep 20, 2003)

Nope, I use Eudora.  Like any other worm/virus it most likely harvests emails.  You must not be as popular as the rest of us.


----------



## TheEdge883 (Sep 21, 2003)

> _Originally posted by jfarnsworth _
> *Where is everyone getting these e-mails from? I don't believe that I have seen one yet in my yahoo mail. Is it only microsoft outlook 'cause the last time I opened it after months there was like 300 new e-mail there. Never open anything just delete it out from there. I'm just curious at where these things are at to be aware of.:asian: *



Most of mine are coming through my two main email addresses, the ones that I post freely on the internet. The ones I don't (my yahoo, and my other 5 AOL addresses) do not receive any. It looks to me like some kind of worm similar to SoBig, it sets up a bogus email address to send from and replicates itself to that particular address. I have received at least a couple hundred over the past couple weeks.


----------



## jfarnsworth (Sep 21, 2003)

> _Originally posted by Kaith Rustaz _
> *Nope, I use Eudora.  Like any other worm/virus it most likely harvests emails.  You must not be as popular as the rest of us.  *



Bob,
That's the story of my life. 

I need to hang out in the dark kingdom with some new found friends.  Maybe they will accept me for who I am. 

On another note after scanning with that spyware my norton systems works registry found 75 errors on it.  They are fixed and my computer runs better but I need to get this spyware off of my computer then my wife will feel a little more comfortable.


----------



## pknox (Oct 3, 2003)

Is anybody else still getting these?  I'd say I'm up to about 50 or so a day now.  I'm thinking of seeting up a filter to block anything from "Microsoft", but they come in from all kinds of addresses/names, and I was wondering if there was anything else I could do?


----------



## pknox (Oct 3, 2003)

I set up an Outlook message rule, and it blocks out subject and body incidences of "Microsoft", "microsoft", "MS", and "ms" (I duplicated because I'm not sure if it's case sensitive).  We'll see how it works.


----------



## Elfan (Oct 4, 2003)

I just told Mozilla that these message were junk (Mozilla uses bayesian spam filttering) and that was that.  I probably still get 20 a day but I don't even look at them.


----------

