PPRuNe Forums


Ian Corrigible 19th September 2003 22:35

New virus warning: 'Microsoft' virus
 
Yet another new WORM virus has been detected "in the wild" and is spreading via e-mail. Known as the Win32/Swen.A@mm or W32/Gibe.E@MM WORM, the infected message arrives in a user's In-Box disguised as a software patch from Microsoft. The intent is to deceive users with false legitimacy so they will open the message and the attachment. Running the attached .EXE file will install the WORM on the user's computer.

Headers include "Use this patch immediately" and "Network update." Senders include "Microsoft" and "Microsoft technical services."

Needless to say, Microsoft does NOT distribute software or patches via e-mail in this way.


I/C

Grainger 20th September 2003 03:08

Yeah, had loads of these today :mad: Worm.Automat.AHB

Once again I have to wonder - why has Microsoft written an email client that can be taken over in this way ? How many of us want, need or use the scripting capabilities of Outlook to send messages to people in the recipient's address book ? Is there any legitimate non-virusy/wormy reason for wanting to do this ?

And why not just allow people to switch it off so you just have a program that sends and receives emails ? Or would that be far too sensible ?

Ian Corrigible 20th September 2003 05:06

Grainger -

There's an article on the need for selectable email preferences at http://news.bbc.co.uk/2/hi/technology/3153229.stm. Apparently, this is already built into Windows Server 2003.


I/C

Bre901 20th September 2003 05:15

This virus can also come disguised as an "Error notice" from a mail system or similar.

I got something like 70 occurrences of it from this morning, hopefully, my ISP catches it, and I use Netscape mail.

Here is the information on the Symantec website:
http://[email protected]

Naples Air Center, Inc. 22nd September 2003 00:53

Ian Corrigible,

I have been seeing the WORM_SWEN.A worm in this form:

http://www.trendmicro.com/vinfo/imag...wen_a_img1.gif

This looks like a pretty easy one for the ISP Firewalls to filter out and squash. I hope they do it quickly.

Take Care,

Richard

BEagle 24th September 2003 03:34

Yes, the little to$$ers who send this cr@p out sent me that as well. Fortunately Norton intercepted and devoured it.

With all his money, why doesn't Gates get someone to track down these w@nkers. Preferably a someone armed with a baseball bat and a Desert Eagle Point Five Oh!

nasib 24th September 2003 03:45

Am I right in thinking that anything contained in the body of an email cannot harbour a virus, worm etc.? The reason I am asking is that I got this email today.

The odd thing is there was no attachment. After the message urging me to install the attached security patch etc. there were hundreds if not thousands of lines of meaningless letters and numbers.

I would obviously not have opened the attachment had there been one. Just trying to confirm that this email can do no harm.

Many thanks

Nasib

Hilico 24th September 2003 03:48

I've had this twice in the last two days, and I think we should all look on the bright side. At least it wasn't actually from Microsoft.

RomeoTangoFoxtrotMike 24th September 2003 04:31

nasib
 

> Am I right in thinking that anything contained in the body of an email cannot harbour a virus, worm etc.? The reason I am asking is that I got this email today.

No, that is not a safe assumption. Attachments are all contained within the body of the message. And even if they are not correctly constructed as attachments, MicroSoft frequently gratuitously attempts to guess what type of content may be in the body, and if it's got something that it thinks might be executable, will have a go at executing it... :yuk: unless you've got the security patches installed (See http://www.microsoft.com/technet/sec...n/MS01-027.asp)

I believe that this sort of "feature" is what maglement refers to as a "productivity tool".... :uhoh:
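
An added example, not part of any post in this thread: the point above that attachments travel inside the message body, shown as a defensive check using Python's standard `email` module. It flags executable content both when it is declared as an attachment and when the base64 text simply sits in a plain body, which a reader sees as lines of meaningless letters and numbers. The function name, extension list and sample messages are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_string

EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".com")  # assumed blocklist
B64_RUN = re.compile(r"(?:[A-Za-z0-9+/]{40,}={0,2}\s*)+")  # long base64-looking lines

def is_pe(data: bytes) -> bool:
    return data[:2] == b"MZ"  # DOS/PE executables start with this magic

def find_executables(raw: str) -> list:
    """Return (reason, detail) findings for one raw message (hypothetical helper)."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""  # undoes declared base64
        if name.lower().endswith(EXEC_EXT):
            findings.append(("executable-filename", name))
        if is_pe(payload):
            findings.append(("pe-header-in-part", part.get_content_type()))
        if part.get_content_type() != "text/plain":
            continue
        # Undeclared case: base64 sitting in the text body, displayed as gibberish
        for run in B64_RUN.findall(payload.decode("ascii", "replace")):
            s = "".join(run.split())
            try:
                blob = base64.b64decode(s[: len(s) - len(s) % 4])
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            if is_pe(blob):
                findings.append(("pe-header-in-inline-base64", "text/plain"))
    return findings

# Constructed samples: STUB is only the 2-byte magic plus zero padding, not a program.
STUB = b"MZ" + bytes(58)
B64 = base64.encodebytes(STUB).decode()
DECLARED = (
    "From: sender@example.com\nSubject: Network update\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nInstall the attached patch.\n"
    "--b\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="patch.exe"\n'
    "Content-Transfer-Encoding: base64\n\n" + B64 + "--b--\n"
)
INLINE = "From: sender@example.com\nSubject: Network update\n\nInstall the patch.\n\n" + B64
```

Calling `find_executables(DECLARED)` reports the filename and the decoded header; `find_executables(INLINE)` reports the same header found in what looks like plain text.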

BlueEagle 24th September 2003 07:53

nasib sounds like your machine opened it without asking you first! Time to reconfigure your mail programme perhaps?!

When I did a back-track on this email it came up with the return path as:

[email protected] so what does one make of that!? Mr Putin himself perhaps?;)

Naples Air Center, Inc. 24th September 2003 09:52

Nasib,

Run this free, online anti virus program just to make sure your computer is clean:

Trend Micro's HouseCall

Take Care,

Richard

Evo 24th September 2003 14:39


> I've had this twice in the last two days, and I think we should all look on the bright side. At least it wasn't actually from Microsoft.

Amen. Their recent Critical Update to fix a DAO vulnerability on XP/2k did an excellent job of killing my XP/Pro box (one of the threads in the System process went into a tight loop using 100% CPU). Had to rollback XP to the initial install and repatch - only around 60 critical updates :mad:. Microsoft are "aware" of the issue, which affects a "small number of systems" and "may be fixed in SP2".

nasib 24th September 2003 17:32

Quote Nasib,
Run this free, online anti virus program just to make sure your computer is clean:
Trend Micro's HouseCall
Take Care,
Richard Unquote

Done thanks and all seems OK

Nasib

Wing Commander Fowler 28th September 2003 05:20

I too got this notice - twice. Microsoft don't tend to provide patches in this manner which caused me to look closer and I then read the words carefully. Interestingly enough the wording differed slightly on both and in each case the English was quite poor. That helped me to decide to query it with Microsoft. The fact that the patch was only about 102kb was another clue - Microsoft's own are much more greedy of my phone time (a great source of annoyance!!)

lame 2nd October 2003 05:09

I hadn't had the pleasure of this email, until last night.

Received it from an address @bigfoot.net, luckily at the same time there was an email from McAfee to say that it contained this worm/virus, and they had quarantined it.

McAfee also asked me to forward the email to the Postmaster at the applicable ISP (Bigfoot in my case), which I did however it only bounced?

Be VERY careful............

RomeoTangoFoxtrotMike 2nd October 2003 06:24

Self-mailing viruses...
 

> McAfee also asked me to forward the email to the Postmaster at the applicable ISP (Bigfoot in my case), which I did however it only bounced?

At the risk of breaching netiquette by quoting myself from another thread ...

> Just to followup on the info already given, many viruses these days contain their own mail software, which enables them to self-propagate. They steal email addresses from wherever they can find it on the infected system (the Outlook addressbook is, of course, the favourite) and use them as both the set of recipients for further infection attempts, and as a list of forged send addresses.
>
> Somebody else, who just happened to have your email address, got infected, probably by Sobig-F. That system started emailing lots of other people copies of the worm, some of which will have had your email address forged in them. Hence you get bombarded with messages from any recipient who has got AV software on their mail system (and there's nothing that you can really do about it)
>
> All pretty evil, huh :mad:

The sender address was probably forged and it's quite likely that the postmaster at the site you sent it to was fed-up with all the reports and bouncing them... not really acceptable, but understandable :rolleyes:

One of the mail systems RTFM runs rejected over 200,000 copies of Sobig-F the weekend it came out. Sending back that many warning messages would itself constitute a Denial-of-Service attack on many smaller mail systems... :ooh:

lame 2nd October 2003 12:23

I only sent it to that postmaster because the email from McAfee asked me to, I thought it may help stop it.

Just had another copy of the phony email pretending to be from Microsoft. :(

RomeoTangoFoxtrotMike 3rd October 2003 05:09

In the case of viruses with their own built in mail software, there isn't a great deal of point in emailing anybody (or their postmaster) whose name is mentioned in the message. That's because both the sender and recipient addresses have been stolen out of the real victim's addressbook (who is very difficult to identify from the information that is easily available).

The most common culprits in this category are:
  • Klez
  • Yaha
  • Gibe/Swen
  • Sobig

lame 3rd October 2003 06:47

Just had it again, this time according to McAfee, from an address @freemail.com. :(

However this time I ignored their advice to email the postmaster, and took your advice and didn't, just deleted it. :ok:

Unwell_Raptor 3rd October 2003 06:57

I have had two of the dud Ebay emails today, asking to revalidate my account. My ISP filter missed it, but I spotted it.


All times are GMT.