Check this security pack that came from the MS Corporation

Post by Ilaria Sca » Sun, 09 Nov 2003 23:23:11




MS Client

this is the latest version of security update, the
"November 2080, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to protect your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run executable on your computer.
This update includes the functionality of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
- MS Internet Explorer, version 4.01 and later
- MS Outlook, version 8.00 and later
- MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.


Post by T O M M » Mon, 10 Nov 2003 00:40:05


First of all:
Why did you send this trash all over Microsoft newsgroups?
Also:
Why did you send the message with its attachment? Spreading viruses in this way is totally
illegal and the sender will be charged by an amount of over $255.000.00 .

The message is not obviously from Microsoft, but from a spammer or an infected network.
Microsoft has never and will never send updates via e-mail while people can easily
surf its web site and download patches and updates from there.

Hint:
Try to create a rule in your e-mail account, which deletes all incoming messages with the
MS or Microsoft name in their "From" line. This might be the only way to get rid of this mass of
messages coming into your e-mail account each day.

----------
Hope this helps
T O M M Y
----------


Post by David H. L » Mon, 10 Nov 2003 01:03:29

TOMMY:

The Swen worm has a built-in News Client and therefore an infected PC, not an individual,
posted this disabled version. As you can see it is a 1 byte ZIP file and has NO payload. If
it was an EXE file ~106KB, then it is in an infectable form and has the Swen payload. I
have been "told" there is a Swen.B variant that posts an ~89KB EXE but I have not yet seen
it.

Basically it can be boiled down to -- you are talking to a BOT post.

Thanx anyway Tommy. Now go and "Study" what the Swen in particular and other infectors in
general do.

Dave






Post by T O M M » Mon, 10 Nov 2003 01:18:54

Thanx for advice, much of a fun man!

But, do not be so simple. Haven't you already seen people like
"Ricky" or "?" sending infected 1 KB files to this newsgroup. They can
easily change their name, IP or the form of their e-mails, using
other kinds of tricks and ...I also KNOW that Swen comes with a size
of over 100KB. I have received hundreds of it with sizes: 145KB or
125KB or.....
In addition, my thread can inform some people of threats of Ricky-like
threads here and avoid them from further failures.
--------------
T O M M Y
--------------






Post by David H. L » Mon, 10 Nov 2003 04:56:48

TOMMY:

I said Swen is ~106KB. Some of the infectors the a$$hole Ricky (aka; ?) posted were in the
range of 5KB and 30KB. Different infectors have different sizes. However, a 1 byte ZIP file
is basically empty and has no payload.

Dave




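Added example, not part of the original thread and not any poster's code: Dave's point above is that what an attachment actually contains decides whether it carries a payload, and that sizes differ between infectors. The Python below triages a message's attachments by content first and name second; the extension list `RISKY_EXT`, all function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed list, not from the thread

def classify(name: str, data: bytes) -> str:
    """Judge an attachment by its bytes first, its name second, never by size alone."""
    if data[:2] == b"MZ":                        # DOS/PE executable header
        return "quarantine: executable content"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
        if any(m.lower().endswith(RISKY_EXT) for m in members):
            return "quarantine: archive holds an executable"
        return "review: archive with %d member(s)" % len(members)
    if name.lower().endswith(".zip"):            # e.g. the 1 byte "ZIP" in this thread
        return "no payload: not a readable archive"
    if name.lower().endswith(RISKY_EXT):
        return "quarantine: executable file name"
    return "review: unrecognised content"

def triage(raw: bytes):
    """Return (filename, size in bytes, verdict) for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        results.append((name, len(data), classify(name, data)))
    return results

def sample(filename: str, data: bytes) -> bytes:
    """Constructed test message imitating the lure's shape; the contents are harmless."""
    msg = EmailMessage()
    msg["From"] = "MS Security <constructed@example.invalid>"
    msg["Subject"] = "Latest security update"
    msg.set_content("Run attached file.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def zipped(member: str) -> bytes:  # constructed archive holding one placeholder member
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder bytes")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(sample("pack.zip", b"\x00")))
```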
 
 
 

Post by eddie char » Mon, 10 Nov 2003 13:47:13


snip

this was sent by a zombie box and the owner is probably clueless as to
what is going on. There are some 400000 zombies in the wild these days.
My rule, even though this is a MS NG, is to use Pan as a newsreader and
Linux as an OS whenever I enter a newsgroup. Sadly, it wasn't always this
way, but I have already downloaded several virii today in other
newsgroups, including the Sherlock Holmes group.
I do not see how it is possible to read these groups without the most
up-to-date AV product installed and a double firewall if one is using MS.

Don't get me wrong. I use XP for most of my programming work, including a
lot of Audio/Video stuff for my clients. I am quite happy with XP Pro.

But for online work like NGs and email, and general browsing, I prefer Linux.
I don't have any antivirus protection on this box, although it does connect
through two firewalls.
Also, I never use my real email address when posting in a NG. That's
really asking for trouble.
I think offering the bounty for these virii writers goes a long way to
killing them, but only time will tell.
 
 
 

Post by alun » Wed, 12 Nov 2003 22:54:25

In article < XXXX@XXXXX.COM >, eddie charles


And your problem with installing AV and a firewall is ...?

Seriously, I'm what you might call a Power User and a Developer. As such, I
recognise most of the threats that are out there, and I take appropriate
action. I operate behind a firewall, and I have a few tools here and there
to prevent the spread of viruses through my system.

If you're not a power user, then you _definitely_ want an anti-virus program
and a firewall. (What's a "double firewall", exactly, and why do you need
one? Or are you talking about the corporate standard of having a DMZ, which
can only operate when firewalled off from the LAN and the Internet? Most
users don't need a DMZ, so one firewall will do.)

But, even without anti-virus and a firewall, there's a simple rule that gets
you to a very safe level - don't open attachments. Any attachments. Phone
the person who allegedly sent it to you, and ask them if they sent it, and
what it is. Or, email them and ask them the same question - but phoning
them gives you the clue that you're actually talking to a live human being,
and not accidentally conversing with a virus.


I always use my real email address when posting in a froup. That's why I
get as much spam as I do, and as many virus attempts. I haven't yet been
infected by anything that has been emailed to me, because I take
precautions, and I prefer to make it easy for people to contact me. The
spam, I pick randomly from and send complaints to their ISPs. It's a tactic
I'd suggest to others - if everyone picked ten spams at random to complain
about in a week, the ISPs would get a bit more of a hint. And if everyone
who found a spam coming from their own ISP could exert that extra little bit
of pressure, we'd be really onto something.


I don't _think_ the bounty notice said "Dead or Alive". I suspect that MS
is only looking for the virus writers to be found, tried and incarcerated /
fined. There isn't yet a jurisdiction that has instituted the death
sentence for virus writers. We have to get the spammers first :-)

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.yqcomputer.com/ or email
1602 Harvest Moon Place | XXXX@XXXXX.COM .
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.