A computer components & hardware forum. HardwareBanter


Flood of virus and patch warnings from Microsoft. Is a new worm loose or is it spam?



 
 
  #1  
Old September 19th 03, 06:07 AM
Phil Weldon

Has anyone in the newsgroup had this experience today (September 18)? I've
received over 40 messages from Microsoft today, most with attachments
warning of the importance of security. The messages are in html and the
contents seem to be legitimate, and the 'smart' URL's are legitimate, BUT at
least SOME of the headers don't seem to conform to the usual form Microsoft
messages use. Some of these e-mail messages have executables attached. I,
of course, have not opened any of the executables, and, according to SANS
and Microsoft Windows Update (and Microsoft Office Update) have ALL the
latest patches. Also I have all the Norton AV updates as of 17SEP03 and
18SEP03. None of these email messages are tagged as viral or vermal.

This is a list of the FROM and SUBJECT lines -
1. Microsoft Program Security Department Network Upgrade
2. Last Microsoft Security Upgrade
3. Microsoft Network Mail System Advice
4. MS Customer Services Net Security Pack
5. Microsoft Program Security Department
6. MS Corporation Public Assistance New Internet Patch
7. Microsoft Newest Network Security Patch
8. MS Customer Services New Security Patch
9. Microsoft Internet Security Department Internet Critical Update
10. Microsoft Latest Microsoft Patch
11. MS Corporation Network Security Center New Network Critical Upgrade
12. Microsoft Corporation Customer Assistance Last Microsoft Security Update
13. Microsoft Corporation Internet Security New Network Critical Pack
14. MS Internet Security Division newest microsoft pack

Well, you get the idea. It seems that a worm is out and about that
generates e-mail that looks like legitimate Microsoft update warnings; the
FROM line and the SUBJECT LINE seem to be generated by the worm to make each
message seem to be for a different purpose as part of a DOS attack on the
Microsoft website's ability to provide security patches.

The other anomaly today is a spate of "undeliverable message" warnings that
had TO lines that are not any that I've ever used and that are not in any
list in my systems. I'd guess that my e-mail address is in a system
infected by the worm responsible.

Let's be careful out there!

Phil Weldon,


  #2  
Old September 19th 03, 06:25 AM
Phil Weldon

Oh yes, I forgot to add that the body is the same for all these purported
messages from Microsoft!

Phil Weldon,



  #3  
Old September 19th 03, 06:57 AM
Phil Weldon

Thanks a lot. That's the body of the e-mail, but, unlike the description in
the Symantec site, the e-mail contains no infective material.

I think Symantec is going to upgrade the threat level soon; I've never seen
such a vermal spew! I haven't had a virus since the 'Stoned' boot sector
virus when I was in Jordan during Gulf War I (or II, according to whether
you count the Iran-Iraq War as Gulf War I). I don't want to get a virus
this time around.

Phil Weldon,

"Michael Cecil" wrote in message
...
On Fri, 19 Sep 2003 05:07:35 GMT, "Phil Weldon"
wrote:

Has anyone in the newsgroup had this experience today (September 18)?


No. It's just you. Whatever did you do to **** off Microsoft?

Uh, yes. 700+ so far to my unmunged address. They like me, they
really, really like me! It's the W32.Swen.A@mm worm.


--
Michael Cecil

http://home.comcast.net/~macecil/howto/
http://home.comcast.net/~antiviruscd/



  #4  
Old September 19th 03, 07:54 AM
Winey

On Fri, 19 Sep 2003 05:07:35 GMT, "Phil Weldon"

Phil,

Microsoft NEVER sends out actual files with their security notices.
My Norton AV always detects some kind of virus, not only SoBIG.F, in
these attachments. Always.

MS wants you to go to their web site, and force you to run an audit
program on your system, so it can "advise" you on needed packages. To
that, I say horse puckey. For IT personnel, the patches are all
posted as standalone files, so you don't have to grant MS access (no
pun!) to your system.

--W--




  #5  
Old September 19th 03, 08:56 AM
David Maynard

Winey wrote:
On Fri, 19 Sep 2003 05:07:35 GMT, "Phil Weldon"

Phil,

Microsoft NEVER sends out actual files with their security notices.
My Norton AV always detects some kind of virus, not only SoBIG.F, in
these attachments. Always.


Norton doesn't necessarily detect them if they're new and, like Phil, it didn't
detect those on mine when they came in either but I notice there's a new NAV
file out dated 9/18/2003. I wonder why a new one was needed on the same day?


MS wants you to go to their web site, and force you to run an audit


They didn't come from Microsoft.

program on your system, so it can "advise" you on needed packages. To
that, I say horse puckey. For IT personnel, the patches are all
posted as standalone files. so you don't have to grant MS access (no
pun!) to your system.

--W--







  #6  
Old September 19th 03, 09:13 AM
David Maynard



Yeah. I got them too, although not as many. Norton didn't see them.

My ISP filters for viri and, in addition to the fake Microsoft stuff that their
scanner didn't detect either, this is the second round of messages from them
that I was 'sent' a virus. First group came in around Sept 4 I think it was.
Went on for three days on a semi regular hourly schedule and then whoever was
infected apparently found it because it stopped, till the 18th when a new spate
came in with a different virus listed in the notice.

This time I didn't get undeliverable mail messages but last time I did with my
email forged in as the 'from' address. But then I haven't checked email in the
last 10 minutes.

Microsoft never sends update files through email but I'll bet a lot of people
fall for it because whoever faked it went to a lot of effort this time to make
it 'look' legit.




  #7  
Old September 19th 03, 09:30 AM
Phil Weldon

Yes, I think you are correct, David. None of the 18SEP03 vermal infections
were identified by NortonAV, but I manually downloaded the latest NortonAV
definitions (~ 4.03 Mbytes) and now all the new verminal e-mail for 19SEP03
are detected as infected with Worm.Automat.AHB.

The 18SEP03 infected e-mail had the infectious package blocked by Microsoft
Outlook 2000 (because of a security patch installed earlier.) Norton
Antivirus 2003 DID NOT IDENTIFY the infectious package and OFFERED NO
PROTECTION before manually installing the latest patch. The only automatic
security prevention infection before this new NAV definition package was
provided by Outlook 2000 SP3 Security Update (Internet Mail Only.)

I think it IS important for people to make appropriate use of Windows and
Office Update; all those who don't have it set to automatic and who don't
use manual installation contribute to the spread of these worms. Those who
have a disdain for Microsoft are welcome to whatever use they make of the
patching services, but NOT if it affects MY use of the internet.

Phil Weldon,








  #8  
Old September 19th 03, 09:40 AM
Phil Weldon

Twenty-seven Worm.Automat.AHB infected e-mail messages in the first four
hours of 19SEP03.

Phil Weldon,







  #9  
Old September 19th 03, 10:31 AM
David Maynard

Phil Weldon wrote:
Twenty-seven Worm.Automat.AHB infected e-mail messages in the first four
hours of 19SEP03.


Gee. I feel so... un popular


  #10  
Old September 19th 03, 10:45 AM
David Maynard

Phil Weldon wrote:
Yes, I think you are correct, David. None of the 18SEP03 vermal infections
were identified by NortonAV, but I manually downloaded the latest NortonAV
definitions (~ 4.03 Mbytes) and now all the new verminal e-mail for 19SEP03
are detected as infected with Worm.Automat.AHB.

The 18SEP03 infected e-mail had the infectious package blocked by Microsoft
Outlook 2000 (because of a security patch installed earlier.) Norton
Antivirus 2003 DID NOT IDENTIFY the infectious package and OFFERED NO
PROTECTION before manually installing the latest patch. The only automatic
security prevention infection before this new NAV definition package was
provided by Outlook 2000 SP3 Security Update (Internet Mail Only.)


Right. I checked one of the attachments after getting the new definitions and it
detected that but I can't confirm it'll see them on an incoming scan as I
haven't gotten a 'live' one after the new definitions.


I think it IS important for people to make appropriate use of Windows and
Office Update; all those who don't have it set to automatic and who don't
use manual installation contribute to the spread of these worms. Those who
have a disdain for Microsoft are welcome to whatever use they make of the
patching services, but NOT if it affects MY use of the internet.


Well, if you don't have Outlook set to auto execute them, which one should never
do anyway, and you don't manually execute it then it shouldn't infect, right?


Phil Weldon,
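
The pattern the posters describe (one body sent under many generated From and Subject lines, some copies carrying an executable) can be checked for in a mailbox. This is an added example, not code from the thread; the sample messages are constructed, and the extension list and the From/Subject split of the listed lines are assumptions.

```python
import hashlib
import re
from collections import defaultdict
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions treated as executable attachments (an assumption for this example).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

def body_fingerprint(msg):
    """Hash the first text part, whitespace-collapsed; None if there is no text part."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = part.get_payload(decode=True).decode("latin-1")
            norm = re.sub(r"\s+", " ", text).strip().lower()
            return hashlib.sha256(norm.encode("utf-8")).hexdigest()

def has_executable(msg):
    """True if any MIME part has a filename with an executable extension."""
    return any((p.get_filename() or "").lower().endswith(EXEC_EXT) for p in msg.walk())

def find_campaigns(raw_messages, min_variants=3):
    """Report bodies that arrive under several different From/Subject pairs."""
    groups = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw)
        fp = body_fingerprint(msg)
        if fp:
            groups[fp].append(msg)
    findings = []
    for fp, msgs in groups.items():
        variants = {(parseaddr(m["From"] or "")[0], m["Subject"]) for m in msgs}
        if len(variants) >= min_variants:
            findings.append({"body_sha256": fp[:12], "messages": len(msgs),
                             "variants": len(variants),
                             "with_executable": sum(has_executable(m) for m in msgs)})
    return findings

def _sample(sender, subject, body, attachment=None):
    """Build one constructed message; the address and file names are made up."""
    m = EmailMessage()
    m["From"] = f"{sender} <sender@example.invalid>"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed mailbox; names modelled on the thread's list (From/Subject split assumed).
LURE = "Dear customer, install the attached security update.\n"
SAMPLES = [
    _sample("Microsoft Program Security Department", "Network Upgrade", LURE, "pack.exe"),
    _sample("MS Customer Services", "Net Security Pack", LURE, "update.exe"),
    _sample("MS Corporation Public Assistance", "New Internet Patch", LURE),
    _sample("Hardware Weekly", "September newsletter", "This month: heatsinks.\n"),
]

if __name__ == "__main__":
    print(find_campaigns(SAMPLES))
```

Grouping on the body rather than on sender or subject keeps working when a scanner has no signature for the attachment yet, which is the situation reported in the thread on 18SEP03.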



 




All times are GMT +1.