[unisog] Critical updates available (fwd)

Anderson Johnston andy at umbc.edu
Thu Jul 29 13:46:11 GMT 2004



The message below is disturbingly plausible to many of our users.  It
has a hook into the "keep your system updated" message that they keep
hearing from us, giving it an air of authenticity.

If you click the "GET ONE NOW" link, you go to a website registered to the
Comite Gestor da Internet no Brasil, the ccTLD manager for .br addresses.

I've included both the displayed message and the message with full headers
and source below.

We've been seeing several messages like this one lately.  Does anyone know
anything about them?  Are they causing any problems for anyone?


							Thanks,
							- Andy

------------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)          *                                 **
** IT Security                            * PGP key:(afj2002) 4096/8448B056 **
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
------------------------------------------------------------------------------

---------- Forwarded message ----------
Date: Thu, 29 Jul 2004 03:25:01 +0100
From: Geek Help <Upgrade at glay.org>
To: ahurd1 at gl.umbc.edu
Subject: Critical updates available



  Windows Update     XP.ME.2000.NT



Windows Update has found critical updates for your computer.

To begin update click:

Start > Windows Update Icon

NO CD-KEY? GET ONE HERE!

Note: In order to update your windows, you must have a legit CD-KEY!



Critical Updates:
June 2004: MS04-013: Cumulative Security Update for Outlook Express
April 2004: Security Update for Windows XP Embedded with SP1 (835732)
March 2004, Cumulative Security Update for Internet Explorer (832894)
February 2004, Microsoft Security Bulletin MS04-007 ASN.1 Vulnerability Could Allow Code Execution (828028)
December 2003, Flaw in NetBIOS Could Lead to Information Disclosure (824105)
December 2003, Buffer Overrun: Windows Help and Support Center Could Lead to System Compromise (825119)
December 2003, Unchecked Buffer in DirectX Could Enable System Compromise (819696)
December 2003, Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
October 2003, Vulnerability could allow Remote Code Execution (823182)
October 2003, Cumulative Update for Internet Explorer (828750)
September 2003, Remote Procedure Call Service Update (QFE 824146)




----------------------- Message Headers and Source -----------------


>From Upgrade at glay.org Thu Jul 29 09:30:12 2004
Return-Path: <Upgrade at glay.org>
Received: from c-24-17-85-5.client.comcast.net
    (c-24-17-85-5.client.comcast.net [24.17.85.5])
	by mx6in.umbc.edu (8.12.10/8.12.10/UMBC-Central 1.1.2.1  mxdel
    1.1.2.9) with SMTP id i6T1Rvdm008430;
	Wed, 28 Jul 2004 21:28:03 -0400 (EDT)
X-Message-Info: 5D3DOeb3LMG6tjkDBHnAE350fS425gYjD86MOB07
Received: (from duffel at 24.17.85.5)
	by binghamton9.100.20.208.30 (4.52.4/1.65.4) id y41RCNhQ221201;
	Wed, 28 Jul 2004 20:24:01 -0600
Message-ID: <4705456403804.04126 at 24.17.85.5>
Reply-To: "Geek Help" <Upgrade at glay.org>
From: "Geek Help" <Upgrade at glay.org>
To: ahurd1 at gl.umbc.edu
Subject: Critical updates available
Date: Thu, 29 Jul 2004 03:25:01 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="--0133794598719434"
X-Milter-Key: 1091064830:d534c949163ffcffa76d4743ee30d3d9
X-Avmilter: Message Skipped, too small
X-Spam-Status: hits=1.9 rating= tests=BAYES_44,HTML_50_60,HTML_FONT_BIG,
    HTML_MESSAGE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI
X-Processed-By: MilterMonkey Version 0.9 --
    http://www.membrain.com/miltermonkey

<html>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="58%" id="AutoNumber1" height="84">
  <tr>
    <td width="4%" rowspan="3" height="84" bgcolor="#8CAAE6">&nbsp;</td>
    <td width="92%" height="19" bgcolor="#0148B2">
    <p align="left"><font color="#FFFFFF" face="Arial Black" size="5">
    <span class="sys-font-heading3 sys-rhp-color-title">&nbsp; Windows Update&nbsp;&nbsp;&nbsp;&nbsp;
    XP.ME.2000.NT</span></font></td>
    <td width="5%" rowspan="3" height="84" bgcolor="#8CAAE6">&nbsp;</td>
  </tr>
  <tr>
    <td width="92%" height="101" bgcolor="#EDF2FC">
    <p align="center" style="margin-left: 5; margin-right: 5">&nbsp;</p>
    <p align="center" style="margin-left: 5; margin-right: 5">Windows Update has
    found&nbsp;critical updates for your computer. </p>
    <p align="center" style="margin-left: 5; margin-right: 5">To begin update
    click:&nbsp; </p>
    <p align="center" style="margin-left: 5; margin-right: 5"><font size="5">
    Start &gt; Windows Update Icon</font></p>
    <p class="MsoNormal" align="center" style="margin-left: 5; margin-right: 5">
    <span style="font-weight: 700; color: #000080"><font size="4">NO CD-KEY?<a href="http://Mildred.kbsbwj.info/?RATqTClMYVYe7lRMildred"> GET
    ONE HERE!</a></font></span></p>
    <p class="MsoNormal" align="center" style="margin-left: 5; margin-right: 5">
    <span style="color: black">Note: In order to update your windows, you must
    have a legit CD-KEY!</span></p>
    <p class="MsoNormal" align="center" style="margin-left: 5; margin-right: 5; margin-top: 0">&nbsp;</p>
    <p align="left" style="margin-left: 5; margin-right: 5"><b>Critical Updates:</b><br>
    June 2004: MS04-013: Cumulative Security Update for Outlook Express<br>
    April 2004: Security Update for Windows XP Embedded with SP1 (835732)<br>
    March 2004, Cumulative Security Update for Internet Explorer (832894) <br>
    February 2004, Microsoft Security Bulletin MS04-007 ASN.1 Vulnerability
    Could Allow Code Execution (828028) <br>
    December 2003, Flaw in NetBIOS Could Lead to Information Disclosure (824105)<br>
    December 2003, Buffer Overrun: Windows Help and Support Center Could Lead to
    System Compromise (825119)<br>
    December 2003, Unchecked Buffer in DirectX Could Enable System Compromise
    (819696)<br>
    December 2003, Buffer Overrun in Messenger Service Could Allow Code
    Execution (828035)<br>
    October 2003, Vulnerability could allow Remote Code Execution (823182)<br>
    October 2003, Cumulative Update for Internet Explorer (828750)<br>
    September 2003, Remote Procedure Call Service Update (QFE 824146)<br>
&nbsp;</td>
  </tr>
  <tr>
    <td width="92%" height="1" bgcolor="#8CAAE6">&nbsp;</td>
  </tr>
</table>
</html>
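
The following is an added example, not part of the original post: a triage check for the two signals visible in the headers and source above, namely a sending host whose reverse DNS name embeds its own IP address (typical of a broadband client rather than a mail server) and a "Windows Update" body whose link points outside the vendor's domains. The sample message is constructed from the forwarded one with placeholder addresses; `BRAND_DOMAINS`, `analyze` and the finding labels are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains a genuine Windows Update notice would link to.
BRAND_DOMAINS = ("microsoft.com", "windowsupdate.com")

# Constructed sample modelled on the forwarded message; addresses are placeholders.
SAMPLE = """\
Received: from c-24-17-85-5.client.comcast.net
    (c-24-17-85-5.client.comcast.net [24.17.85.5])
    by mx.example.edu with SMTP id PLACEHOLDER; Wed, 28 Jul 2004 21:28:03 -0400
From: "Geek Help" <upgrade@example.org>
To: user@example.edu
Subject: Critical updates available
Content-Type: text/html

<html><p>Windows Update has found critical updates for your computer.</p>
<p>NO CD-KEY?<a href="http://Mildred.kbsbwj.info/?RATqTClMYVYe7lRMildred"> GET
ONE HERE!</a></p></html>
"""

class LinkCollector(HTMLParser):
    """Collects the lower-cased host of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def analyze(raw):
    msg = message_from_string(raw)
    findings = []
    # The topmost Received header was written by our own MX; lower ones can be forged.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m = re.search(r"from (\S+) \((\S+) \[(\d+)\.(\d+)\.(\d+)\.(\d+)\]\)", top)
    # Heuristic: rDNS name containing all four IP octets suggests a client host.
    if m and all(o in re.split(r"[-.]", m.group(2)) for o in m.groups()[2:]):
        findings.append("sender-is-client-host:" + m.group(2))
    body = msg.get_payload()
    parser = LinkCollector()
    parser.feed(body)
    if "windows update" in body.lower():
        for host in parser.hosts:
            if not any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS):
                findings.append("off-brand-link:" + host)
    return findings
```
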


