[Dshield] W32.Gibe.B@mm Virus

R Shady RShady at stny.rr.com
Sun Aug 24 17:16:15 GMT 2003


Deep pockets Bill doesn't send out patches/updates/fixes by email.  See:

http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html

David Stimpson wrote:
> Hi all
>  
> As I am not a power user of this group and I am a bit of a novice I did
> not know whether this is worthy of mention.  Anyway I received this mail
> today with a Virus attached.  It was intercepted by Norton Internet
> Security and I quarantined it - Norton could not fix it even though I
> have the latest Virus definitions.
>  
> The mail was addressed from 
>  
> Microsoft Corporation Internet Public Assistance
> [ccefirvlp_303180 at MeDMCvjTR.com]
>  
> With Subject Heading
>  
> Network Security Pack
>  
> Attached to the mail was a file proporting to be a Cumulative Patch
> which should be used to repair vulnerabilities in Internet Explorer,
> Outlook and Outlook Express
>  
> File Name - Patch752-68.exe
>  
> The Virus was identified as in the subject of this mail
>  
> ------------------------------------------------------------------------
> ------------------------------------------------------------------------
> --------------------------
> Received: from lakemtao02.cox.net ([68.1.17.243])
> 
> by praseodumium with esmtp (Exim 3.22 #23)
> 
> id 19qtsr-000539-00; Sun, 24 Aug 2003 13:22:14 +0100
> 
> Received: from ktRLzR ([68.11.200.173]) by lakemtao02.cox.net
> 
> (InterMail vM.5.01.06.04 201-253-122-130-104-20030726) with SMTP
> 
> id <20030824122152.OKNJ11854.lakemtao02.cox.net at ktRLzR>;
> 
> Sun, 24 Aug 2003 08:21:52 -0400
> 
> FROM: "Microsoft Corporation Internet Public Assistance"
> <ccefirvlp_303180 at MeDMCvjTR.com>
> 
> TO: "MS Corporation Consumer" < >
> 
> SUBJECT: Network Security Pack
> 
> Mime-Version: 1.0
> 
> Content-Type: multipart/mixed; boundary="ETuAlqrgzFPMHVNmVKl"
> 
> Message-Id: <20030824122152.OKNJ11854.lakemtao02.cox.net at ktRLzR>
> 
> Date: Sun, 24 Aug 2003 08:21:59 -0400
> 
> Status: 
> 
> --ETuAlqrgzFPMHVNmVKl
> 
> Content-Type: multipart/alternative; boundary="UfLnKDrbzBQJpzwXL"
> 
> --UfLnKDrbzBQJpzwXL
> 
> Content-Type: text/plain; charset="us-ascii"
> 
> Content-Transfer-Encoding: quoted-printable
> 
> MS Corporation Consumer
> 
> this is the latest version of security update, the
> 
> "August 2003, Cumulative Patch" update which eliminates all known
> security vulnerabilities affecting Internet Explorer, Outlook and
> Outlook Express as well as five newly discovered vulnerabilities.
> Install now to protect your computer from these vulnerabilities, the
> most serious of which could allow an attacker to run executable on your
> system. This update includes the functionality of all previously
> released patches.
> 
> System requirements:
> 
> Win 9x/Me/2000/NT/XP
> 
> This update applies to:
> 
> Microsoft Internet Explorer, version 4.01 and later
> 
> Microsoft Outlook, version 8.00 and later
> 
> Microsoft Outlook Express, version 4.01 and later
> 
> Recommendation:
> 
> Customers should install the patch at the earliest opportunity.
> 
> How to install:
> 
> Run attached file. Click Yes on displayed dialog box.
> 
> How to use:
> 
> You don't need to do anything after installing this item.
> 
> Microsoft Technical Support is available at
> <http://support.microsoft.com/> http://support.microsoft.com/
> 
> For security-related information about Microsoft products, please visit
> the Microsoft Security Advisor web site at
> <http://www.microsoft.com/security> http://www.microsoft.com/security
> 
> Contact us at
> <http://www.microsoft.com/isapi/goregwiz.asp?target=3D/contactus/=>
> http://www.microsoft.com/isapi/goregwiz.asp?target=3D/contactus/=
> 
> contactus.asp
> 
>  
> 
> Please do not reply to this message. It was sent from an unmonitored
> e-mail address and we are unable to respond to any replies.
> 
> Thank you for using Microsoft products.
> 
> With friendly greetings,
> 
> Microsoft Corporation Internet Public Assistance
> ________________________________________
> 
> =A92003 Microsoft Corporation. All rights reserved. The names of = the
> actual companies 
> 
> and products mentioned herein =
> 
> may be the trademarks of their respective owners.
> 
> --UfLnKDrbzBQJpzwXL
> 
> Content-Type: text/html; charset="us-ascii"
> 
> Content-Transfer-Encoding: quoted-printable
> 
> <HTML><HEAD></HEAD><BODY>
> 
> <BASEFONT SIZE=3D"2"><BR>
> 
> MS Corporation Consumer
> 
> <BR><BR>
> 
> this is the latest version of security update, the<BR>
> 
> "August 2003, Cumulative Patch" update which eliminates<BR>
> 
> all known security vulnerabilities affecting Internet Explorer,<BR>
> Outlook and Outlook Express as well as five newly<BR> discovered
> vulnerabilities. Install now to protect your computer<BR> from these
> vulnerabilities, the most serious of which could allow<BR> an attacker
> to run executable on your system. This update includes<BR> the
> functionality of all previously released patches.<BR><BR>
> 
> <TABLE BORDER=3D"3" CELLPADDING=3D"3" BGCOLOR=3D"#80CBF6">
> 
> <TR VALIGN=3D"TOP">
> 
> <TD NOWRAP><FONT SIZE=3D"2">System requirements</FONT></TD>
> 
> <TD NOWRAP><FONT SIZE=3D"2">Win 9x/Me/2000/NT/XP</FONT></TD> </TR>
> 
> <TR VALIGN=3D"TOP">
> 
> <TD NOWRAP><FONT SIZE=3D"2">This update applies to</FONT></TD> <TD
> NOWRAP> <FONT SIZE=3D"2"> Microsoft Internet Explorer, version 4.01 and
> later<BR> Microsoft Outlook, version 8.00 and later<BR> Microsoft
> Outlook Express, version 4.01 and later </FONT> </TD> </TR>
> 
> <TR VALIGN=3D"TOP">
> 
> <TD NOWRAP><FONT SIZE=3D"2">Recommendation</FONT></TD>
> 
> <TD NOWRAP><FONT SIZE=3D"2">Customers should install the patch = at the
> earliest opportunity.</FONT></TD> </TR>
> 
> <TR VALIGN=3D"TOP">
> 
> <TD NOWRAP><FONT SIZE=3D"2">How to install</FONT></TD>
> 
> <TD NOWRAP><FONT SIZE=3D"2">Run attached file. =
> 
> Click Yes on displayed dialog box.</FONT></TD>
> 
> </TR>
> 
> <TR VALIGN=3D"TOP">
> 
> <TD NOWRAP><FONT SIZE=3D"2">How to use</FONT></TD>
> 
> <TD NOWRAP><FONT SIZE=3D"2">You don't need to do =
> 
> anything after installing this item.</FONT></TD>
> 
> </TR>
> 
> </TABLE>
> 
> <BR>
> 
> Microsoft Product Support Services and Knowledge Base articles<BR> can
> be found on the <A HREF=3D"http://support.microsoft.com/">=
> 
> Microsoft Technical Support</A> web site.<BR>
> 
> For security-related information about Microsoft products, please<BR>
> visit the <A HREF=3D"http://www.microsoft.com/security">
> 
> Microsoft Security Advisor</A> web site, =
> 
> or <A HREF=3D"http://www.microsoft.com/isapi/goregwiz.asp?=
> 
> target=3D/contactus/contactus.asp">Contact us.</A><BR><BR>
> 
> Please do not reply to this message. It was sent from an unmonitored<BR>
> e-mail address and we are unable to respond to any replies. <BR><BR>
> Thank you for using Microsoft products. <BR><BR> With friendly
> greetings, <BR> Microsoft Corporation Internet Public Assistance<BR> <HR
> COLOR=3D"Blue" SIZE=3D"2" WIDTH=3D"400" ALIGN=3D"left"> <FONT
> COLOR=3D"Gray">=A92003 Microsoft Corporation. All = rights reserved. The
> names of the actual companies<BR> and products mentioned herein may be
> the trademarks of = their respective owners.</FONT> </BODY></HTML>
> 
> --UfLnKDrbzBQJpzwXL--
> 
> --ETuAlqrgzFPMHVNmVKl--
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 





More information about the list mailing list