"Microsoft Critical Patch" - is a virus

 
Zombie Nexus Forum Index -> Security
FraZor
Site Admin


Joined: 26 Nov 2002
Posts: 5118
Location: Enfield, London, UK

Posted: Wed Feb 15, 2006 9:49 am    Post subject: "Microsoft Critical Patch" - is a virus

There's a new virus doing the rounds, which popped up in my mailbox this morning. If you get an email from "Microsoft Corporation Network Security Center" with a subject like "Microsoft Critical Patch" that looks fairly like a legitimate email from Microsoft, rest assured this is a virus of some kind. The text reads as follows:

Quote:

this is the latest version of security update, the "February 2006, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer. This update includes the functionality of all previously released patches.


Here's a screen shot of the email I received:

( missing image )

Here are the indications that it's fake:

  • Microsoft would NEVER email you a patch
  • Microsoft would not refer to themselves as "MS" nor would they call you an "MS User"
  • Microsoft would not mail you from an email address like "ftwsfvszvhuecli-tsei@support.com"
  • The Microsoft logo is wrong
  • The patch they offer in this email address covers too many OS's. Some of which use different architectures and some of which are now unsupported, so one patch simply wouldn't work.

So NEVER EVER assume that an email like this came from Microsoft and NEVER EVER open an executable from within an email or even an attachment of any kind, unless you know who it's come from and are reasonably sure it's not malicious. Keep your computer up to date yourself by going to the Windows Update site, or rely on your friendly IT services team where you work. I don't know what virus is in the exe file, as it was blocked by the web server before it reached me, so I'll update this later when I know more.
_________________
Quote: "The question is not whether or not you're paranoid, it's whether or not you're paranoid enough." Max, Strange Days
System: DFI LanParty UT NF4-Ultra, Athlon64 X2 4400+, GeForce 7800GTX 256Mb, 2Gb Corsair XMMS3500C2PRO, Creative X-Fi.


Last edited on Wed Feb 15, 2006 9:56 am; edited 2 times in total
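
The header-level indicators listed in the post above (a Microsoft display name on a non-Microsoft sender address, plus an executable attachment) can be checked mechanically. This Python sketch is an added example, not part of the original posts; the trusted-domain list, the extension list and the attachment name are assumptions, and the sample message is constructed from the sender and subject quoted in the thread.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

BRAND = "microsoft"                      # brand the message claims to speak for
TRUSTED_DOMAINS = {"microsoft.com"}      # assumed allow-list for this sketch
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd")  # assumed extension list

def check_message(raw: str) -> list:
    """Return findings for a message that claims to come from Microsoft."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", "")).lower()
    findings = []
    # Display name or subject invokes the brand, but the address is elsewhere.
    # A matching domain would still not prove origin: From is unauthenticated.
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    if (BRAND in name.lower() or BRAND in subject) and not trusted:
        findings.append("brand-mismatch:" + domain)
    # The thread's first indicator: Microsoft never emails a patch,
    # so an executable attachment on such a message is a finding.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            findings.append("executable-attachment:" + fname)
    return findings

def build_sample() -> str:
    """Constructed message using the sender and subject quoted in the thread."""
    m = EmailMessage()
    m["From"] = ('"Microsoft Corporation Network Security Center" '
                 "<ftwsfvszvhuecli-tsei@support.com>")
    m["Subject"] = "Microsoft Critical Patch"
    m.set_content("Install now to help protect your computer.")
    # Placeholder bytes and file name: the real attachment is not on the page.
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="constructed-sample.exe")
    return m.as_string()

CLEAN = "From: Newsletter <news@example.org>\nSubject: Weekly digest\n\nHello\n"

if __name__ == "__main__":
    print(check_message(build_sample()))
    print(check_message(CLEAN))
```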

NightSpirit
Site Admin


Joined: 26 Nov 2002
Posts: 2955
Location: Enfield, London, UK

Posted: Wed Feb 15, 2006 12:08 pm

Hmmm, a quick search shows that this hoax is not a new one.

  • This from September 2003 containing W32.Swen.A@mm
  • This from February 2004 containing W32/Gibe-F

So, in other words this could be any new virus using a trick that's been tried before. Does the text attachment not say what virus was removed?
_________________
Whedon: We will rule over this time slot, and we will call it... "This Time Slot".

Fox: I think we should call it... your grave!

Whedon: Ah, curse your sudden but inevitable betrayal!

Fox: Ha ha HA! Mine is an evil laugh...now die!

-- Rei

FraZor
Site Admin


Joined: 26 Nov 2002
Posts: 5118
Location: Enfield, London, UK

Posted: Wed Feb 15, 2006 2:20 pm

Damn it. I googled for it and came up blank. Clearly I must have googled for the wrong bit. Anyway, don't know what virus as it was completely stripped from the email, and the report just gives the name of the stripped file.


Last edited on Wed Feb 15, 2006 7:47 pm; edited 1 time in total
Pugwash2004
Guest





Posted: Mon Feb 20, 2006 12:49 pm

Sadly I still know people who would believe this if they received it.
NightSpirit
Site Admin


Joined: 26 Nov 2002
Posts: 2955
Location: Enfield, London, UK

Posted: Mon Feb 20, 2006 1:26 pm

Same here :(

Hopefully by posting the warnings we can inform some people, but obviously we can only reach people who visit here. Still, every little helps! :)
