elblogg

Faked security patch

I received this mail today:

FROM: "Microsoft Corporation Public Assistance" <ozqgiilvehzsmvt_pddoeb@xwaq.com>
TO: "Customer" <>
SUBJECT: Latest Security Pack

MS Customer

this is the latest version of security update, the
"July 2004, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to maintain the security of your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run executable on your computer.
This update includes the functionality of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
 - MS Internet Explorer, version 4.01 and later
 - MS Outlook, version 8.00 and later
 - MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site.

http://support.microsoft.com/

For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site

http://www.microsoft.com/security/

Thank you for using Microsoft products.

Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

----------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

This is the text/plain MIME version of the mail. It also had a colorful, Microsoft-looking HTML version.

Of course I knew this mail was a fake; furthermore, Gmail gave me this message:

An attachment named “pack1919.exe” was removed from this document as it constituted a security hazard. If you require this document, please contact the sender and arrange an alternate means of receiving it.

Please remember: Microsoft NEVER sends security mail if you're not registered at their site to receive such mail. And they NEVER ever send attachments with it.

It seems this is a variant of the W32/Gibe@mm (W32/Gibe@mm, WORM_GIBE.A, W32/Gibe-A, I-Worm.Gibe, W32/Gibe.A@mm, Win32.Gibe.A, W32/Gibe@MM) worm, although the name of the attachment, the greeting line and the subject of the message don't match the description at securityresponse.
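
The giveaways in the quoted mail (a Microsoft display name on an unrelated sender domain, an empty recipient address, an executable attachment) can be checked mechanically. The script below is an added example, not part of the original post; `triage`, `TRUSTED_DOMAINS` and `RISKY_EXTENSIONS` are hypothetical names and assumed policy values, and the sample message is constructed from the headers quoted above with placeholder attachment bytes.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed policy values for illustration; tune for your own mail flow.
BRAND = "microsoft"
TRUSTED_DOMAINS = {"microsoft.com"}
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".bat")

# Constructed sample: headers from the quoted mail, placeholder attachment bytes.
SAMPLE = """\
From: "Microsoft Corporation Public Assistance" <ozqgiilvehzsmvt_pddoeb@xwaq.com>
To: "Customer" <>
Subject: Latest Security Pack
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

How to install: Run attached file. Choose Yes on displayed dialog box.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="pack1919.exe"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

def triage(raw):
    """Return a list of findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    if BRAND in name.lower() and not trusted:
        findings.append(f"display name claims {BRAND} but sender domain is {domain}")
    if not parseaddr(msg.get("To", ""))[1]:
        findings.append("To header carries no recipient address")
    for part in msg.walk():
        filename = part.get_filename() or ""
        if filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"executable attachment: {filename}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("FLAG:", finding)
```
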
