Bugtraq mailing list archives
RE: Wave of fake Official Microsoft Advisory
From: "Lee Evans" <lee () vital co uk>
Date: Fri, 19 Sep 2003 19:17:41 +0100
Hi,

Following links provide further details:

http://www.theregister.co.uk/content/56/32925.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a () mm ht ml

Regards
Lee

--
Lee Evans

-----Original Message-----
From: Mail [mailto:mail () Gnome CA] On Behalf Of Bruno Clermont
Sent: 19 September 2003 15:57
To: bugtraq () securityfocus com
Subject: Wave of fake Official Microsoft Advisory

Since this morning I have been seeing tons of fake Microsoft Advisories by mail. They contain a .exe attachment.

Running strings(1) on the file shows it contains its own HTML mail source (and other versions of the advisory), and much of the stuff it tries to do:

- Increment a web counter "GET http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006 HTTP/1.0"
- query a POP3 account at ww2.fce.vutbr.cz
- retrieve stuff from a newsgroup and post a message
- modify mIRC configuration
- alter some Kazaa registry keys
- probably more stuff in all the encoded content

The mail really looks like an official Microsoft communication with all those legal references to the microsoft.com website.

At the rate those mails are coming, many users have already been fooled, and the infection has just started.

Some of the original mails (with .exe attachment) are available in mbox format at http://www.gnome.ca/ms.mbox.
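
Added example, not part of either post: a Python equivalent of the strings(1) pass described in the original message, grouping the printable strings of an attachment under the behaviours the message lists. The rule patterns and every sample string except the counter request quoted in the message are constructed for illustration.

```python
from __future__ import annotations
import re

def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Printable-ASCII runs of at least min_len bytes, as strings(1) reports."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in run.finditer(data)]

# One heuristic per behaviour named in the post. The patterns are assumptions
# made for this example, not signatures taken from the actual attachment.
RULES = {
    "html_mail": re.compile(r"<html\b", re.I),
    "http_request": re.compile(r"^(?:GET|POST) \S+ HTTP/1\.[01]$"),
    "pop3": re.compile(r"^(?:USER|PASS|RETR|DELE) "),
    "nntp": re.compile(r"^Newsgroups: |^(?:GROUP|NEWGROUPS|ARTICLE) "),
    "mirc": re.compile(r"mirc\.ini|script\.ini", re.I),
    "kazaa_registry": re.compile(r"Software\\Kazaa", re.I),
}

def triage(data: bytes) -> dict[str, list[str]]:
    """Map each rule name to the extracted strings that matched it."""
    hits: dict[str, list[str]] = {}
    for s in extract_strings(data):
        for name, rx in RULES.items():
            if rx.search(s):
                hits.setdefault(name, []).append(s)
    return hits

# Constructed stand-in for the .exe: strings separated by non-printable bytes.
# Only the GET line comes from the post; the rest are placeholders.
SEP = b"\x00\x01\xff"
SAMPLE = SEP.join([
    b"MZ\x90\x00",
    b"This program cannot be run in DOS mode.",
    b"GET http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus"
    b"&width=6&set=cnt006 HTTP/1.0",
    b"USER placeholder",
    b"Newsgroups: example.test",
    b"mirc.ini",
    b"Software\\Kazaa\\ExamplePlaceholder",
    b"<HTML><BODY>Constructed advisory text</BODY></HTML>",
])

if __name__ == "__main__":
    for category, found in triage(SAMPLE).items():
        for s in found:
            print(f"{category:15} {s}")
```

Run against a real sample only on an isolated analysis host; static string extraction never executes the file, and it misses whatever sits in the encoded content the message mentions.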