Full Disclosure mailing list archives

Re: new virus: (fwd)

From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sat, 20 Sep 2003 12:15:25 +0530

attatched virus spoofing microsoft network security update
file is .zip password is "infected"
email body follows....
--------------- snip -----------------
Microsoft Customer

this is the latest version of security update, the
"September 2003, Cumulative Patch" update which resolves
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to continue keeping your computer secure
from these vulnerabilities, the most serious of which could
allow an attacker to run code on your system.
This update includes the functionality of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
 - MS Internet Explorer, version 4.01 and later
 - MS Outlook, version 8.00 and later
 - MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch at the earliest
opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.


Microsoft Product Support Services and Knowledge Base articles can be found
on the Microsoft Technical Support web site.
http://support.microsoft.com/

For security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site
http://www.microsoft.com/security/

Thank you for using Microsoft products.

Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond
to any replies.

----------------------------------------------
The names of the actual companies and products mentioned herein are the
trademarks of their respective owners.
----------------------- snip ---------------------------


Donnie Werner
CTO e2-labs.com

"we do more cuz Pivx sucks"


----- Original Message -----
From: "Exibar" <exibar () thelair com>
To: "Ron Clark" <ron () pi-mail Armstrong EDU>; <full-disclosure () netsys com>
Sent: Friday, September 19, 2003 10:38 PM
Subject: Re: [Full-disclosure] new virus: (fwd)

it is the SWEN virus.  I've received dozens of them, McAfee picks it up as
Swen,  have no reason to doubt it :-)

 Exibar

Attachment: q894829.zip
Description:

Current thread:

Re: new virus: (fwd) Ron Clark (Sep 19)
- <Possible follow-ups>
- Re: new virus: (fwd) Ron Clark (Sep 19)
  - Automat? Was (Re: new virus: ) disclosure (Sep 19)
    - Re: Automat? Was (Re: new virus: ) disclosure (Sep 19)
    - Re: Automat? Was (Re: new virus: ) B.K. DeLong (Sep 19)
    - Re: Automat? Was (Re: new virus: ) Nick FitzGerald (Sep 20)
  - Re: new virus: (fwd) Exibar (Sep 19)
    - Re: new virus: (fwd) morning_wood (Sep 20)
    - SV: new virus: (fwd) Peter Kruse (Sep 20)
    - RE: new virus: (fwd) Steve Wray (Sep 20)
    - Re: SV: new virus: (fwd) Rocco Stanzione (Sep 20)
    - Re: new virus: (fwd) Paul Schmehl (Sep 20)
  - Re: new virus: (fwd) Christophe Tommasini (Sep 19)
  - Re: new virus: (fwd) Daniel Tams (Sep 19)
    - Re: new virus: (fwd) Kye Lewis (Sep 19)