Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Wave of fake Official Microsoft Advisory
From: "Lee Evans" <lee () vital co uk>
Date: Fri, 19 Sep 2003 19:17:41 +0100

Hi,

Following links provide further details:

http://www.theregister.co.uk/content/56/32925.html

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a () mm ht
ml

Regards
Lee
-- 
Lee Evans

-----Original Message-----
From: Mail [mailto:mail () Gnome CA] On Behalf Of Bruno Clermont
Sent: 19 September 2003 15:57
To: bugtraq () securityfocus com
Subject: Wave of fake Official Microsoft Advisory


Since this morning I start seeing tons of fake Microsoft 
Advisories by mail. They contain a .exe attachment.

Running strings(1) on the file show it contain it's own HTML 
mail source (and other version of the advisory), and many of 
the stuff it try to do:

- Increment a web counter "GET 
http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&;
set=cnt006
HTTP/1.0"
- query a POP3 account at ww2.fce.vutbr.cz
- retrieve stuff from a newsgroup and post a message
- modify mIRC configuration
- alter some Kaaza registry keys
- probably more stuff in all the encoded content

The mail really look like an official Microsoft communication with all
those legal reference to microsoft.com website. At the rate those mail
are coming many users had already been fooled, and infection had just
started.

Some of the original mails (with .exe attachment) are available in mbox
format at http://www.gnome.ca/ms.mbox.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]