New virus warning: 'Microsoft' virus
Thread Starter
Joined: Oct 2002
Posts: 1,796
Likes: 1
From: 1 Dunghill Mansions, Putney
Yet another new WORM virus has been detected "in the wild" and is spreading via e-mail. Known as the Win32/Swen.A@mm or W32/Gibe.E@MM WORM, the infected message arrives in a user's In-Box disguised as a software patch from Microsoft. The intent is to deceive users with false legitimacy so they will open the message and the attachment. Running the attached .EXE file will install the WORM on the user's computer.
Headers include "Use this patch immediately" and "Network update." Senders include "Microsoft" and "Microsoft technical services."
Needless to say, Microsoft does NOT distribute software or patches via e-mail in this way.
I/C
PPRuNe Enigma
Joined: Feb 2001
Posts: 427
Likes: 0
From: Scotland
Yeah, had loads of these today
Worm.Automat.AHB
Once again I have to wonder - why has Microsoft written an email client that can be taken over in this way ? How many of us want, need or use the scripting capabilities of Outlook to send messages to people in the recipient's address book ? Is there any legitimate non-virusy/wormy reason for wanting to do this ?
And why not just allow people to switch it off so you just have a program that sends and receives emails ? Or would that be far too sensible ?
Thread Starter
Joined: Oct 2002
Posts: 1,796
Likes: 1
From: 1 Dunghill Mansions, Putney
Grainger -
There's an article on the need for selectable email preferences at http://news.bbc.co.uk/2/hi/technology/3153229.stm. Apparently, this is already built into Windows Server 2003.
I/C
Self Loathing Froggy
Joined: Jun 2002
Posts: 546
Likes: 2
From: elsewhere
This virus can also come disguised as an "Error notice" from a mail system or similar.
I got something like 70 occurrences of it since this morning; hopefully, my ISP catches it, and I use Netscape mail.
Here is the information on the Symantec website:
http://[email protected]
The Oracle


Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
Ian Corrigible,
I have been seeing the WORM_SWEN.A worm in this form:
This looks like a pretty easy one for the ISP Firewalls to filter out and squash. I hope they do it quickly.
Take Care,
Richard

Joined: May 1999
Aviation Qualifications: ATP+Mil
Posts: 27,397
Likes: 857
From: Quite near 'An aerodrome somewhere in England'
Yes, the little to$$ers who send this cr@p out sent me that as well. Fortunately Norton intercepted and devoured it.
With all his money, why doesn't Gates get someone to track down these w@nkers? Preferably someone armed with a baseball bat and a Desert Eagle Point Five Oh!
Joined: Jun 1999
Posts: 106
Likes: 0
From: UK
Am I right in thinking that anything contained in the body of an email cannot harbour a virus, worm etc.? The reason I am asking is that I got this email today.
The odd thing is there was no attachment. After the message urging me to install the attached security patch etc. there were hundreds if not thousands of lines of meaningless letters and numbers.
I would obviously not have opened the attachment had there been one. Just trying to confirm that this email can do no harm.
Many thanks
Nasib

Joined: Mar 2002
Posts: 448
Likes: 0
From: London, UK
nasib
Am I right in thinking that anything contained in the body of an email cannot harbour a virus, worm etc.? The reason I am asking is that I got this email today.
Unless you've got the security patches installed (see http://www.microsoft.com/technet/sec...n/MS01-027.asp). I believe that this sort of "feature" is what maglement refers to as a "productivity tool"....
Joined: May 2002
Posts: 2,242
Likes: 0
From: Australia
nasib sounds like your machine opened it without asking you first! Time to reconfigure your mail programme perhaps?!
When I did a back-track on this email it came up with the return path as:
[email protected] so what does one make of that!? Mr Putin himself perhaps?
The Oracle


Joined: Aug 2001
Posts: 2,902
Likes: 0
From: Naples, Florida U.S.A.
Nasib,
Run this free, online anti virus program just to make sure your computer is clean:
Trend Micro's HouseCall
Take Care,
Richard

Joined: Sep 2002
Posts: 1,650
Likes: 0
From: Chichester, UK
I've had this twice in the last two days, and I think we should all look on the bright side. At least it wasn't actually from Microsoft.
Microsoft are "aware" of the issue, which affects a "small number of systems" and "may be fixed in SP2".
Joined: Jul 2000
Posts: 722
Likes: 4
From: Earth (just)
I too got this notice - twice. Microsoft don't tend to provide patches in this manner, which caused me to look closer, and I then read the words carefully. Interestingly enough the wording differed slightly on both and in each case the English was quite poor. That helped me to decide to query it with Microsoft. The fact that the patch was only about 102kb was another clue - Microsoft's own are much more greedy of my phone time (a great source of annoyance!!)
Persona non grata
Joined: Feb 2003
Posts: 324
Likes: 0
From: Brisbane, Australia.
I hadn't had the pleasure of this email, until last night.
Received it from an address @bigfoot.net, luckily at the same time there was an email from McAfee to say that it contained this worm/virus, and they had quarantined it.
McAfee also asked me to forward the email to the Postmaster at the applicable ISP (Bigfoot in my case), which I did however it only bounced?
Be VERY careful............

Joined: Mar 2002
Posts: 448
Likes: 0
From: London, UK
Self-mailing viruses...
McAfee also asked me to forward the email to the Postmaster at the applicable ISP (Bigfoot in my case), which I did however it only bounced?
Just to follow up on the info already given, many viruses these days contain their own mail software, which enables them to self-propagate. They steal email addresses from wherever they can find them on the infected system (the Outlook addressbook is, of course, the favourite) and use them as both the set of recipients for further infection attempts, and as a list of forged send addresses.
Somebody else, who just happened to have your email address, got infected, probably by Sobig-F. That system started emailing lots of other people copies of the worm, some of which will have had your email address forged in them. Hence you get bombarded with messages from any recipient who has got AV software on their mail system (and there's nothing that you can really do about it).
All pretty evil, huh
One of the mail systems RTFM runs rejected over 200,000 copies of Sobig-F the weekend it came out. Sending back that many warning messages would itself constitute a Denial-of-Service attack on many smaller mail systems...
Persona non grata
Joined: Feb 2003
Posts: 324
Likes: 0
From: Brisbane, Australia.
I only sent it to that postmaster because the email from McAfee asked me to; I thought it may help stop it.
Just had another copy of the phony email pretending to be from Microsoft.

Joined: Mar 2002
Posts: 448
Likes: 0
From: London, UK
In the case of viruses with their own built-in mail software, there isn't a great deal of point in emailing anybody (or their postmaster) whose name is mentioned in the message. That's because both the sender and recipient addresses have been stolen out of the real victim's addressbook (who is very difficult to identify from the information that is easily available).
The most common culprits in this category are:
- Klez
- Yaha
- Gibe/Swen
- Sobig
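Added illustration of the point made in the two posts above about forged sender addresses (example code written for this page, not from any poster or anti-virus vendor): it separates the sender-supplied fields of a message from the one hop recorded by the receiving server, and only treats the claimed sender as worth notifying when the two agree. The sample message, the `triage` function, the host names and the Postfix-style `Received` layout are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and IP is invented.
SAMPLE = """\
Return-Path: <alice@example.org>
Received: from pc (dsl-host.example.net [192.0.2.45])
\tby mx.example.com with SMTP id abc123; Fri, 19 Sep 2003 10:00:00 +0000
Received: from mail.example.org (mail.example.org [198.51.100.7])
\tby pc; Fri, 19 Sep 2003 09:59:00 +0000
From: "Microsoft" <alice@example.org>
Subject: Use this patch immediately

(body omitted)
"""

# Assumed Postfix-style layout: from HELO (rdns [ip]) by receiving-host
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+([^\s;]+)")

def triage(raw, our_mx):
    """Separate sender-supplied fields from what our own server recorded."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("Return-Path", ""))[1]
    rdns = ip = None
    # Only the Received line stamped by our own MX is trustworthy; lines
    # below it were supplied by the sending side and can be forged too.
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m and m.group(3).lower() == our_mx.lower():
            rdns, ip = m.group(1).lower(), m.group(2)
            break
    dom = claimed.rpartition("@")[2].lower()
    # Heuristic: the connecting host should sit inside the claimed domain.
    plausible = bool(rdns and dom) and (rdns == dom or rdns.endswith("." + dom))
    return {"claimed_sender": claimed, "connecting_host": rdns,
            "connecting_ip": ip, "notify_claimed_sender": plausible}

if __name__ == "__main__":
    print(triage(SAMPLE, "mx.example.com"))
```

The domain comparison is a deliberately simple heuristic: legitimate mail relayed through a third-party provider would also fail it, so it is a reason to withhold automatic notifications, not proof of forgery.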
Persona non grata
Joined: Feb 2003
Posts: 324
Likes: 0
From: Brisbane, Australia.
Just had it again, this time according to McAfee, from an address @freemail.com.
However this time I ignored their advice to email the postmaster, and took your advice and didn't, just deleted it.




