Virus?
I know this is a fake email but can anyone give me some advice, I received this email a few minutes ago:
Quote:
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
********************************
- ----------------------------------------------------------------------
Title: Vulnerability in Windows systems allowing an upload of a serious virus.
Date: 10 July 2001
Software: Windows 2000
Impact: Privilege Elevation
Bulletin: MS01-039
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-039.asp
- ----------------------------------------------------------------------
Yesterday the internet has seen one of the first of it's downfalls. A virus (no name assigned yet) has been released.
One with the complexity to destroy data like none seen before.
Systems affected:
=================
Microsoft Windows 95
Microsoft Windows 95b
Microsoft Windows 98
Microsoft Windows 98/SE
Microsoft Windows NT Enterprise
Microsoft Windows NT Workstation
Microsoft Windows Millenium Edition
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Service packs up to Service Pack 6 for Windows NT 3/4 Systems.
Service pack 1 and 2 for windows 2000.
Issue:
======
Officials say this virus is unique in many ways. It spreads via new forms, such as using a new vulnerability in Windows
98 allowing already infected computers to upload (send files) to non-infected computers, this means that you do not have
to download or visit a site to be infected with the virus. The infected computers are programmed to scan for computers
running Windows 9x, and Windows 2000 and uploading the virus.
-What the virus does:
The virus itself is a threat to normal users aswell as businesses. Cooper from microsoft said "This virus has the ability
to wipe out most of the internet users and the chances are it will, the risk is high, patches must be installed to affected
systems." The virus itself is made for one reason and one reason only, to reproduce, destroy documents, delete mp3 files,
movie files, infect .exe files, this virus also has a unique feature that destroys the BIOS (Basic Input Output System),
which means ones that are infected would need to purchase a new motherboard.
Patch Availability:
===================
Visit http://www.microsoft.com@%36%32%2E%35%32...F%65%6E.e%78%65 to download the patch named ms_v275657_x86_en.exe. Download and run the file.
Acknowledgment:
===============
- Jon McDonald ( http://www.entrigue.net)
- Russ Cooper ( http://www.ntbugtraq.com)
- ---------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL
MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT
APPLY.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
-----END PGP SIGNATURE-----
*******************************************************************
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.
To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.
For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/technet/security/notify.asp. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security
Full headers:
Quote:
Return-Path: <deathsdoor@gmx.co.uk>
Received: from mail.gmx.net ([194.221.183.20]) by mta01-svc.ntlworld.com
(InterMail vM.4.01.02.27 201-229-119-110) with SMTP
id <20010716194001.CJVK351.mta01-svc.ntlworld.com@mail.gmx.net>
for <myemailremoved>;
Mon, 16 Jul 2001 20:40:01 +0100
Received: (qmail 12790 invoked by uid 0); 16 Jul 2001 19:40:02 -0000
Received: from pc1-stap2-0-cust117.not.cable.ntl.com (HELO bleh.bleh.com) (62.254.7.117)
by mail.gmx.net (mail02) with SMTP; 16 Jul 2001 19:40:02 -0000
Message-ID: <bleh1234567890>
Date: Sun, 13 Jul 1337 13:37:37 +1337
From: secnotif@MICROSOFT.COM
Reply-To: secnotif@MICROSOFT.COM
X-Mailer: Mozilla 4.75 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: emailremoved
Subject: Microsoft Security Bulletin MS01-039
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
I run Norton Systemworks (with antivirus) and as far as I know it scans all emails as they come in (a small icon appears in the taskbar as email is received). Now I read about the fake bulletin going the rounds and was wondering if I am now infected?
Norton never picked anything up, but so far it has never found a virus (I don't think I have ever had one though).
Any help appreciated.
Responses to this topic
Donald,
As near as I can tell this guy is in the Netherlands using a free e-mail service called GMX (http://www56.gmx.net/cgi-bin/login?LANG=uk).
His IP address shows up in the header as 62.254.7.117. You might be able to report him to GMX and maybe even Microsoft; the header field you saved shows all the info someone can use to track this bozo down.
I had enough idiots like this when I had cable (but I moved and now I am stuck in analog hell).
I also use Nortons and it has caught e-mail viruses for me. I even have tested it by downloading known infected files from newsgroups.
Just my 2 cents worth.
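The header and link checks discussed in this thread, as an added example that is not part of the original posts: it parses the posted headers for a From/Return-Path mismatch, the oldest relay hop and an implausible Date, and shows which host an `@`-style link really points to. The function names are hypothetical, the `Received` regex assumes the qmail-style line seen in the post, and `SAMPLE_URL` is constructed (documentation address 192.0.2.10, made-up file name) because the link in the post is truncated.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlsplit, unquote

# Headers as posted in the thread (recipient addresses were already removed there).
RAW_HEADERS = """\
Return-Path: <deathsdoor@gmx.co.uk>
Received: from mail.gmx.net ([194.221.183.20]) by mta01-svc.ntlworld.com
 (InterMail vM.4.01.02.27 201-229-119-110) with SMTP
 id <20010716194001.CJVK351.mta01-svc.ntlworld.com@mail.gmx.net>
 for <myemailremoved>;
 Mon, 16 Jul 2001 20:40:01 +0100
Received: (qmail 12790 invoked by uid 0); 16 Jul 2001 19:40:02 -0000
Received: from pc1-stap2-0-cust117.not.cable.ntl.com (HELO bleh.bleh.com) (62.254.7.117)
 by mail.gmx.net (mail02) with SMTP; 16 Jul 2001 19:40:02 -0000
Date: Sun, 13 Jul 1337 13:37:37 +1337
From: secnotif@MICROSOFT.COM

"""
# Constructed URL with the same shape as the "patch" link; 192.0.2.10 is a documentation address.
SAMPLE_URL = "http://www.microsoft.com@%31%39%32%2E%30%2E%32%2E%31%30/patch.exe"

def header_findings(raw):
    msg = message_from_string(raw)
    domain = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    hops = msg.get_all("Received", [])
    # The newest hop is on top and was written by the recipient's own server.
    delivered = parsedate_to_datetime(hops[0].rpartition(";")[2].strip())
    claimed = parsedate_to_datetime(msg["Date"])
    # qmail-style line of the oldest hop: from <rDNS> (HELO <claimed name>) (<ip>)
    m = re.search(r"from (\S+) \(HELO (\S+)\) \(([\d.]+)\)", hops[-1])
    return {
        "from_domain": domain("From"),
        "envelope_domain": domain("Return-Path"),
        "sender_mismatch": domain("From") != domain("Return-Path"),
        "date_skew_days": abs((delivered - claimed).days),
        "origin_ip": m.group(3) if m else None,
        "helo_mismatch": bool(m) and m.group(1) != m.group(2),
    }

def url_findings(url):
    # Everything before the last "@" in the authority is userinfo, not the host.
    userinfo, at, hostport = urlsplit(url).netloc.rpartition("@")
    return {
        "looks_like": userinfo.partition(":")[0],
        "connects_to": unquote(hostport.partition(":")[0]).lower(),
        "deceptive": bool(at) and "." in userinfo,
    }

if __name__ == "__main__":
    print(header_findings(RAW_HEADERS))
    print(url_findings(SAMPLE_URL))
```

Only the `Received` lines written by servers you trust are reliable; the `From`, `Date` and `Message-ID` fields are chosen by the sender.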