#1
Flood of virus and patch warnings from Microsoft. Is a new worm loose or is it spam?
Has anyone in the newsgroup had this experience today (September 18)? I've received over 40 messages from Microsoft today, most with attachments warning of the importance of security. The messages are in HTML and the contents seem to be legitimate, and the 'smart' URLs are legitimate, BUT at least SOME of the headers don't seem to conform to the usual form Microsoft messages use. Some of these e-mail messages have executables attached.

I, of course, have not opened any of the executables, and, according to SANS and Microsoft Windows Update (and Microsoft Office Update) have ALL the latest patches. Also I have all the Norton AV updates as of 17SEP03 and 18SEP03. None of these email messages are tagged as viral or vermal.

This is a list of the FROM and SUBJECT lines -

1. Microsoft Program Security Department Network Upgrade
2. Last Microsoft Security Upgrade
3. Microsoft Network Mail System Advice
4. MS Customer Services Net Security Pack
5. Microsoft Program Security Department
6. MS Corporation Public Assistance New Internet Patch
7. Microsoft Newest Network Security Patch
8. MS Customer Services New Security Patch
9. Microsoft Internet Security Department Internet Critical Update
10. Microsoft Latest Microsoft Patch
11. MS Corporation Network Security Center New Network Critical Upgrade
12. Microsoft Corporation Customer Assistance Last Microsoft Security Update
13. Microsoft Corporation Internet Security New Network Critical Pack
14. MS Internet Security Division newest microsoft pack

Well, you get the idea. It seems that a worm is out and about that generates e-mail that looks like legitimate Microsoft update warnings; the FROM line and the SUBJECT LINE seem to be generated by the worm to make each message seem to be for a different purpose as part of a DOS attack on the Microsoft website's ability to provide security patches.

The other anomaly today is a spate of "undeliverable message" warnings that had TO lines that are not any that I've ever used and that are not in any list in my systems. I'd guess that my e-mail address is in a system infected by the worm responsible.

Let's be careful out there!

Phil Weldon, Microsoft
#2
Oh yes, I forgot to add that the body is the same for all these purported messages from Microsoft!

Phil Weldon,

"Phil Weldon" wrote in message hlink.net...
.. .. ..
#3
Thanks a lot. That's the body of the e-mail, but, unlike the description in the Symantec site, the e-mail contains no infective material. I think Symantec is going to upgrade the threat level soon; I've never seen such a vermal spew! I haven't had a virus since the 'Stoned' boot sector virus when I was in Jordan during Gulf War I (or II, according to whether you count the Iran-Iraq War as Gulf War I). I don't want to get a virus this time around.

Phil Weldon,

"Michael Cecil" wrote in message ...
> On Fri, 19 Sep 2003 05:07:35 GMT, "Phil Weldon" wrote:
>> Has anyone in the newsgroup had this experience today (September 18)?
> No. It's just you. Whatever did you do to **** off Microsoft?
>
> Uh, yes. 700+ so far to my unmunged address. They like me, they really, really like me!
>
> It's the W32.Swen.A@mm worm.
> --
> Michael Cecil
> http://home.comcast.net/~macecil/howto/
> http://home.comcast.net/~antiviruscd/
#4
On Fri, 19 Sep 2003 05:07:35 GMT, "Phil Weldon" wrote:

Phil, Microsoft NEVER sends out actual files with their security notices. My Norton AV always detects some kind of virus, not only SoBIG.F, in these attachments. Always.

MS wants you to go to their web site, and force you to run an audit program on your system, so it can "advise" you on needed packages. To that, I say horse puckey. For IT personnel, the patches are all posted as standalone files, so you don't have to grant MS access (no pun!) to your system.

--W--

> Has anyone in the newsgroup had this experience today (September 18)?
> .. .. ..
#5
Winey wrote:
> On Fri, 19 Sep 2003 05:07:35 GMT, "Phil Weldon" wrote:
>
> Phil, Microsoft NEVER sends out actual files with their security notices. My Norton AV always detects some kind of virus, not only SoBIG.F, in these attachments. Always.

Norton doesn't necessarily detect them if they're new and, like Phil, it didn't detect those on mine when they came in either but I notice there's a new NAV file out dated 9/18/2003. I wonder why a new one was needed on the same day?

> MS wants you to go to their web site, and force you to run an audit

They didn't come from Microsoft.

> program on your system, so it can "advise" you on needed packages. To that, I say horse puckey. For IT personnel, the patches are all posted as standalone files, so you don't have to grant MS access (no pun!) to your system.
>
> --W--
>
>> Has anyone in the newsgroup had this experience today (September 18)?
>> .. .. ..
#6
Phil Weldon wrote:
> Has anyone in the newsgroup had this experience today (September 18)?
> .. .. ..

Yeah. I got them too, although not as many. Norton didn't see them.

My ISP filters for viri and, in addition to the fake Microsoft stuff that their scanner didn't detect either, this is the second round of messages from them that I was 'sent' a virus. First group came in around Sept 4 I think it was. Went on for three days on a semi regular hourly schedule and then whoever was infected apparently found it because it stopped, till the 18th when a new spate came in with a different virus listed in the notice.

This time I didn't get undeliverable mail messages but last time I did with my email forged in as the 'from' address. But then I haven't checked email in the last 10 minutes.

Microsoft never sends update files through email but I'll bet a lot of people fall for it because whoever faked it went to a lot of effort this time to make it 'look' legit.
#8
Twenty-seven Worm.Automat.AHB infected e-mail messages in the first four hours of 19SEP03.

Phil Weldon,

"David Maynard" wrote in message ...
> Phil Weldon wrote:
>> Has anyone in the newsgroup had this experience today (September 18)?
>> .. .. ..
> Yeah. I got them too, although not as many. Norton didn't see them.
> it 'look' legit.
#9
Phil Weldon wrote:
> Twenty-seven Worm.Automat.AHB infected e-mail messages in the first four hours of 19SEP03.

Gee. I feel so... un popular
#10
Phil Weldon wrote:
> Yes, I think you are correct, David. None of the 18SEP03 vermal infections were identified by NortonAV, but I manually downloaded the latest NortonAV definitions (~ 4.03 Mbytes) and now all the new verminal e-mail for 19SEP03 are detected as infected with Worm.Automat.AHB. The 18SEP03 infected e-mail had the infectious package blocked by Microsoft Outlook 2000 (because of a security patch installed earlier.) Norton Antivirus 2003 DID NOT IDENTIFY the infectious package and OFFERED NO PROTECTION before manually installing the latest patch. The only automatic security prevention infection before this new NAV definition package was provided by Outlook 2000 SP3 Security Update (Internet Mail Only.)

Right. I checked one of the attachments after getting the new definitions and it detected that but I can't confirm it'll see them on an incoming scan as I haven't gotten a 'live' one after the new definitions.

> I think it IS important for people to make appropriate use of Windows and Office Update; all those who don't have it set to automatic and who don't use manual installation contribute to the spread of these worms. Those who have a disdain for Microsoft are welcome to whatever use they make of the patching services, but NOT if it affects MY use of the internet.

Well, if you don't have outlook set to auto execute them, which one should never do anyway, and you don't manually execute it then it shouldn't infect, right?

> Phil Weldon,
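Two observations from this thread, that Microsoft does not mail out patch files and that every message shared one body under a different FROM and SUBJECT, can be turned into mail-filter checks that do not depend on antivirus signatures. The sketch below is an added example, not code from any poster; the function names, extension list, threshold, addresses and sample messages are assumptions, with the sample FROM and SUBJECT strings constructed from the list in the first post.

```python
import hashlib
import re
from collections import defaultdict
from email import message_from_string, policy
from email.message import EmailMessage

EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed list
VENDOR_NAME = re.compile(r"\b(microsoft|ms)\b", re.I)


def inspect(raw):
    """Return (flags, body_digest, subject) for one raw message string."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"]
    display = " ".join(a.display_name for a in sender.addresses) if sender else ""
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    flags = []
    if VENDOR_NAME.search(display) and any(n.endswith(EXECUTABLE_EXT) for n in names):
        flags.append("vendor-branded sender with executable attachment")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    # Collapse whitespace so re-wrapped copies of one body hash alike.
    digest = hashlib.sha256(" ".join(text.split()).encode()).hexdigest()
    return flags, digest, str(msg.get("Subject", ""))


def same_body_campaigns(raws, min_subjects=3):
    """Map body digest -> subjects, for bodies seen under many subjects."""
    subjects = defaultdict(set)
    for raw in raws:
        _, digest, subject = inspect(raw)
        subjects[digest].add(subject)
    return {d: s for d, s in subjects.items() if len(s) >= min_subjects}


def sample(sender, subject, body, attachment=None):
    """Build a constructed test message (not captured traffic)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


LURE = "Install the attached update to protect your computer."
SAMPLES = [
    sample("MS Customer Services <a@example.net>", "Net Security Pack", LURE, "pack.exe"),
    sample("Microsoft <b@example.net>", "Newest Network Security Patch", LURE, "q.exe"),
    sample("MS Corporation <c@example.net>", "New Internet Patch", LURE),
    sample("Pat <pat@example.org>", "Lunch?", "Noon works for me."),
]
```

Both checks key on message structure rather than on the From address, which a sender can forge freely, so they still apply on a day when the scanner's definitions have not caught up.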