I just received a strange email, and I want to know what it is, and maybe try to (filtered) up the one that is responsible.
The mail is:
From: MS security Assistance
Subject: Current Critical Pack
To: Microsoft Client
Attachment: Current Critical Pack (10,1 kB)
This is the content, and I included the header at the bottom of this post.
[TERRA MAIL ANTIVIRUS]
This email was scanned by Terra's Mail Antivirus. The following file(s) have been disinfected or deleted:
Install95.exe was infected with the malicious virus W32.Swen.A@mm and has been deleted because it cannot be disinfected.
Please contact the sender.
[START OF MESSAGE]
----------------------------------------
Header
CODE
Return-Path: <jhumana@terra.cl>
Delivered-To: xxxxxxx@zonnet.nl
Received: (qmail 22309 invoked by uid 0); 2 Oct 2003 16:31:25 -0000
Received: from unknown (HELO postbus01.zonnet.nl) ([xx.xxx.x.xxx]) (envelope-sender <jhumana@terra.cl>) by qmail03.zonnet.nl (qmail-ldap-1.03) with SMTP for < >; 2 Oct 2003 16:31:25 -0000
Delivered-To: CLUSTERHOST postbus01.zonnet.nl xxxxxxx@zonnet.nl
Received: (qmail 15562 invoked by uid 0); 2 Oct 2003 16:31:25 -0000
Received: from biobio.terra.cl ([xxx.xx.xxx.x]) (envelope-sender <jhumana@terra.cl>) by postbus01.zonnet.nl (qmail-ldap-1.03) with SMTP for < >; 2 Oct 2003 16:31:24 -0000
Received: from biobio.terra.cl (xxx.xx.xxx.x) by biobio.terra.cl (x.x.xxx) id 3F7C3A120000FEF6; Thu, 2 Oct 2003 12:35:45 -0400
Received: from laanj (xxx.xx.xx.xxx) by genesis.terra.cl (x.x.xxx) id 3F7B3B1B0003F404; Thu, 2 Oct 2003 00:27:15 -0400
Date: Thu, 2 Oct 2003 00:27:15 -0400 (added by postmaster@ctcinternet.cl)
Message-ID: <3F7B3B1B0003F404@genesis.terra.cl> (added by postmaster@ctcinternet.cl)
FROM: "MS Security Assistance" <hrmscxxyefsqz@support_microsoft.com>
TO: "Microsoft Client" <client-chegmdibrn@support_microsoft.com>
SUBJECT: Current Critical Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="orNbAKP6pH3ECLVoU2vwF8gOyGg4FwPH8EDRHuN7lez1lmecBQ9xOg8mzJeYiDx5"
X-BLTSYMAVREINSERT: XOGVU818OD/HzeHsYaCHmYWu7F8A
This is a multi-part message in MIME format.
--orNbAKP6pH3ECLVoU2vwF8gOyGg4FwPH8EDRHuN7lez1lmecBQ9xOg8mzJeYiDx5
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
[ANTIVIRUS DE CORREO TERRA]
Este correo fue revisado por el Antivirus de Correo de Terra. Lo(s) siguiente(s) archivos(s) han sido desinfectado(s) o eliminado(s):
Install95.exe fue infectado con el virus malicioso W32.Swen.A@mm y ha sido eliminado porque no puede ser desinfectado.
Por favor, contacte al remitente.
[INICIO DEL MENSAJE]
--orNbAKP6pH3ECLVoU2vwF8gOyGg4FwPH8EDRHuN7lez1lmecBQ9xOg8mzJeYiDx5
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Received: from laanj (200.50.54.244) by genesis.terra.cl (6.5.034) id 3F7B3B1B0003F404; Thu, 2 Oct 2003 00:27:15 -0400
Date: Thu, 2 Oct 2003 00:27:15 -0400 (added by postmaster@ctcinternet.cl)
Message-ID: <3F7B3B1B0003F404@genesis.terra.cl> (added by postmaster@ctcinternet.cl)
FROM: "MS Security Assistance" <hrmscxxyefsqz@support_microsoft.com>
TO: "Microsoft Client" <client-chegmdibrn@support_microsoft.com>
SUBJECT: Current Critical Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="socrkceuhjwwgf"
this is the latest version of security update, the "October 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help maintain the security of your computer from these vulnerabilities, the most serious of which could allow an malicious user to run code on your system. This update includes the functionality of all previously released patches.
System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
- MS Internet Explorer, version 4.01 and later
- MS Outlook, version 8.00 and later
- MS Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. http://support.microsoft.com/
For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site http://www.microsoft.com/security/
Thank you for using Microsoft products.
Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
----------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners. Copyright 2003 Microsoft Corporation.
<IMG SRC=3D"cid:nmqrlkz" BORDER=3D"0"><BR><BR> <TABLE WIDTH=3D"600"><TR><TD><FONT SIZE=3D"2"> MS Client<BR><BR> this is the latest version of security update, the "October 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help maintain the security of your computer from these vulnerabilities, the most serious of which could allow an malicious user to run code on your system. This update includes the functionality = of all previously released patches. </FONT></TD></TR> </TABLE>
<TR VALIGN=3D"TOP"> <TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:noazwpl" = ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to</B> </FONT></TD><TD NOWRAP> <FONT SIZE=3D"1"> MS Internet Explorer, version 4.01 and later<BR> MS Outlook, version 8.00 and later<BR> MS Outlook Express, version 4.01 and later </FONT> </TD> </TR>
<TR VALIGN=3D"TOP"> <TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:noazwpl" = ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</B></FONT></TD> <TD NOWRAP><FONT SIZE=3D"1">Customers should install the patch = at the earliest opportunity.</FONT></TD> </TR>
<TR VALIGN=3D"TOP"> <TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:noazwpl" = ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</B></FONT></TD> <TD NOWRAP><FONT SIZE=3D"1">You don't need to do = anything after installing this item.</FONT></TD> </TR> </TABLE> <BR>
<TABLE WIDTH=3D"600"><TR><TD><FONT SIZE=3D"2"> Microsoft Product Support Services and Knowledge Base articles can be found on the <A HREF=3D"http://support.microsoft.com/" = TARGET=3D"_top">Microsoft Technical Support</A> web site. = For security-related information about Microsoft products, please = visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top"> Microsoft Security Advisor</A> web site, = or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" = TARGET=3D"_top">Contact Us.</A> <BR><BR> Thank you for using Microsoft products.<BR><BR></FONT> <FONT SIZE=3D"1">Please do not reply to this message. = It was sent from an unmonitored e-mail address and we are unable = to respond to any replies.<BR></FONT>
<HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> <FONT SIZE=3D"1" COLOR=3D"Gray">The names of the actual companies and = products mentioned herein are the trademarks = of their respective owners.</FONT> </TD></TR></TABLE>
Just common sense. Microsoft never sends any patch files by email to its clients. You are on the right track; I too had heard about a virus which comes with a subject MICROSOFT PATCH etc. Don't know much about it, but to my knowledge it is a virus. Take care yaa...
Manu
woundedtiger
Oct 3 2003, 07:35 PM
It's a base64 exploit in Internet Explorer; one can download an exe just by opening that email. I don't know what type of virus it has, but it HAS.
gwon
Oct 15 2003, 09:58 PM
I get this email like 15 times a DAY... and I'm on 56k... the attachment is about 200k... is there any way of stopping these emails? They are really killing me.
dinox
Nov 7 2003, 02:47 AM
Block the address if you're using Hotmail or Yahoo; else add it to the blacklist...
Details? Search on the internet... that's the use of the internet...
rWp
Dec 9 2003, 09:20 AM
Yes, this is an exploit; don't run that patch on your system.
ikkyu
Dec 10 2003, 11:10 PM
Try using something like SpamAssassin; it usually catches this type of garbage for me.
dredre
Dec 11 2003, 04:02 AM
Try eMailTrackerPro and VisualRoute to trace it back. Yay, first post.
beardednose
Dec 12 2003, 01:05 PM
Welcome, dredre! Just remember to read the rules and search before posting. The mods have itchy warning fingers these days, trying to keep this board clean and helpful.
Good to have you.
Have a happy, bearded Christmas!
what
Dec 14 2003, 06:55 PM
I have actually received this e-mail also, and I backtracked it to the IP address, but it's just a worm. Chances are, the person that sent it to you doesn't even know it. And whoever sent it to them doesn't know it, so it's best to just delete it and move on. The most you can do is tell whoever sent it to you that their computer is infected.
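An added example, not part of any post in this thread: one way to do the header back-tracking discussed above in Python, reading the Received chain oldest-first and checking the sender fields for the inconsistencies visible in the first post's headers. The sample message is constructed from those headers, with the masked relay addresses replaced by documentation-range IPs (an assumption); the function names are hypothetical.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the first post's headers; the masked relay
# addresses are replaced with documentation-range IPs (assumption).
RAW = """\
Return-Path: <jhumana@terra.cl>
Received: from biobio.terra.cl ([192.0.2.10]) (envelope-sender <jhumana@terra.cl>)
 by postbus01.zonnet.nl (qmail-ldap-1.03) with SMTP; 2 Oct 2003 16:31:24 -0000
Received: from biobio.terra.cl (192.0.2.10) by biobio.terra.cl (x.x.xxx)
 id 3F7C3A120000FEF6; Thu, 2 Oct 2003 12:35:45 -0400
Received: from laanj (203.0.113.7) by genesis.terra.cl (x.x.xxx)
 id 3F7B3B1B0003F404; Thu, 2 Oct 2003 00:27:15 -0400
FROM: "MS Security Assistance" <hrmscxxyefsqz@support_microsoft.com>
SUBJECT: Current Critical Pack

(body omitted)
"""

# "from <helo> (<ip>) ... by <receiver>"; brackets around the IP are optional.
HOP = re.compile(r"from\s+(\S+)\s+\(?\[?([0-9A-Fa-f.:]+)\]?\)?.*?\bby\s+(\S+)", re.S)
# Letters, digits and hyphens only per label: an underscore is not a valid hostname.
HOSTNAME = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def received_chain(msg):
    """Hops oldest-first as (helo_name, ip, receiving_host); relays prepend."""
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = email.message_from_string(raw)
    hops = received_chain(msg)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    findings = []
    if not HOSTNAME.match(from_dom):
        findings.append("From domain is not a valid DNS hostname")
    if env_dom != from_dom:
        findings.append("envelope sender and From domains differ")
    if hops and "." not in hops[0][0]:
        findings.append("first hop announced an unqualified HELO name")
    return {"origin": hops[0] if hops else None, "from_domain": from_dom,
            "findings": findings}

if __name__ == "__main__":
    print(triage(RAW))
```

Only the address a relay itself recorded is reliable; the HELO name and any Received lines below the first relay you trust are text supplied by the sender. The origin found this way is typically an infected machine, so the practical follow-up is a report to that network's abuse contact.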
dfx
Dec 17 2003, 02:31 AM
QUOTE (thePFY @ Oct 15 2003, 09:58 PM)
I get this email like 15 times a DAY... and I'm on 56k... the attachment is about 200k... is there any way of stopping these emails? They are really killing me.
Hate to bring up an old thread, but if you don't want to spend the time downloading large attachments over a dialup connection, use a program that lets you view the emails on the mail server BEFORE you download them.
I'm sure there are programs that attach to Outlook or OE, but the one I used to use is called Popcorn. It only pulls the headers down, like newsgroups, then if you want to view the email you just double-click on the header. It has all of the functions of a standard POP3 client, including replying and composing new messages.