Re: I keep getting mass email from MS security with a virus attached

From: Bill (billpierpont_at_comcast.net)
Date: 09/15/03


Date: Sun, 14 Sep 2003 19:59:14 -0700


I understand the problems but it's going to be pretty hard
to lock down broadband PC's when someone is sending emails
that look legit and look like they are from MS.

MS should consider some sort of PR campaign to make people
aware of the problem.

Thanks for the reply
got to go filter those emails now.

>-----Original Message-----
>Complaining is not worth the bother. While it may look like you have the
>IP address of a nasty spammer, you most likely have the IP address of a
>poor schmoe on a broadband connection whose computer has been hijacked
>by a virus that downloaded a proxy server that allows spammers to relay
>spam anonymously.
>
>The SoBig virus, for example, is a morphing virus that goes through
>three stages of evolution. First is the SoBig virus that sends all the
>email after poor schmoe clicks on the virus attachment. This virus then
>downloads the Lala trojan which deletes the SoBig virus and then
>downloads a pirated version of the Wingate proxy server.
>
>There are now thousands and perhaps tens of thousands of proxy servers
>relaying spam worldwide. And the spammers are untraceable behind those
>proxies. Spam is once again out of control until broadband computers are
>locked down and protected.
>
>--
>Kent W. England, Microsoft MVP for Windows
>
>
>
>"Bill Pierpont" <billpierpont@comcast.net> wrote in message news:2c6801c37b1a$30ce2bd0$a501280a@phx.gbl...
>> I keep getting mass emails claiming to be a MS security
>> patch. The email looks very official as though it is from
>> Microsoft but the attachment is a virus. I was wondering
>> who I should notify about this as it seems that this must
>> be a very effective way for people to plant worms and it
>> would seem that MS should be concerned about someone
>> acting as them to spread worms and viruses but I can not
>> find anyone to send this info to.
>>
>> I get at least one a day sometimes more.
>>
>> Here is the email with headers
>> Received: from sccrgxc03.comcast.net ([204.127.202.63])
>>           by sccrmxc13.comcast.net (sccrmxc13) with ESMTP
>>           id <20030914154357s1300q6pfue>; Sun, 14 Sep 2003 15:43:57 +0000
>> Received: from smtp-out4.blueyonder.co.uk ([195.188.213.7])
>>           by comcast.net (sccrgxc03) with ESMTP
>>           id <20030914154356e0300k2mh8e>; Sun, 14 Sep 2003 15:43:56 +0000
>> Received: from bKodizL ([82.39.90.101]) by smtp-out4.blueyonder.co.uk
>>           with Microsoft SMTPSVC(5.0.2195.5600);
>>           Sun, 14 Sep 2003 16:43:34 +0100
>> FROM: "MS Internet Security Department" <lukdrbz_vudtmakik@tVWZImC.com>
>> TO: "MS Customer" < >
>> SUBJECT: Security Pack
>> X-Virus-Scanned: NOD32
>> Mime-Version: 1.0
>> Content-Type: multipart/mixed; boundary="EdyXlSowzhL"
>> Return-Path: missblackcat@blueyonder.co.uk
>> Message-ID: <ECOWS04MpyXxYohniWx000067f3@smtp-out4.blueyonder.co.uk>
>> X-OriginalArrivalTime: 14 Sep 2003 15:43:35.0074 (UTC) FILETIME=[F521F820:01C37AD6]
>> Date: 14 Sep 2003 16:43:35 +0100
>>
>> MS Customer
>>
>> this is the latest version of security update, the
>> "September 2003, Cumulative Patch" update which eliminates all
>> known security vulnerabilities affecting Internet Explorer,
>> Outlook and Outlook Express as well as five newly discovered
>> vulnerabilities. Install now to protect your computer from these
>> vulnerabilities, the most serious of which could allow an attacker to
>> run executable on your system. This update includes the functionality
>> of all previously released patches.
>>
>> System requirements:
>> Win 9x/Me/2000/NT/XP
>>
>> This update applies to:
>> Microsoft Internet Explorer, version 4.01 and later
>> Microsoft Outlook, version 8.00 and later
>> Microsoft Outlook Express, version 4.01 and later
>>
>> Recommendation:
>> Customers should install the patch at the earliest opportunity.
>>
>> How to install:
>> Run attached file. Click Yes on displayed dialog box.
>>
>> How to use:
>> You don't need to do anything after installing this item.
>>
>> Microsoft Technical Support is available at
>> http://support.microsoft.com/
>>
>> For security-related information about Microsoft products,
>> please visit the Microsoft Security Advisor web site at
>> http://www.microsoft.com/security
>>
>> Contact us at
>> http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp
>>
>>
>> Please do not reply to this message. It was sent from an unmonitored
>> e-mail address and we are unable to respond to any replies.
>>
>> Thank you for using Microsoft products.
>>
>>
>> Thanks
>> Bill Pieppont
>
>.
>
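
Added example, not part of either poster's message: a Python sketch that walks the `Received:` chain of the headers quoted above oldest-first and lists the mismatches that mark the mail as forged. The function names and the heuristics are illustrative assumptions; the origin IP it reports identifies the machine that handed the message to the ISP relay, which, as the reply says, is most likely an infected broadband PC rather than the author.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the quoted post, with the archive's line wrapping undone.
RAW = """\
Received: from sccrgxc03.comcast.net ([204.127.202.63])
 by sccrmxc13.comcast.net (sccrmxc13) with ESMTP
 id <20030914154357s1300q6pfue>; Sun, 14 Sep 2003 15:43:57 +0000
Received: from smtp-out4.blueyonder.co.uk ([195.188.213.7])
 by comcast.net (sccrgxc03) with ESMTP
 id <20030914154356e0300k2mh8e>; Sun, 14 Sep 2003 15:43:56 +0000
Received: from bKodizL ([82.39.90.101]) by smtp-out4.blueyonder.co.uk
 with Microsoft SMTPSVC(5.0.2195.5600); Sun, 14 Sep 2003 16:43:34 +0100
FROM: "MS Internet Security Department" <lukdrbz_vudtmakik@tVWZImC.com>
SUBJECT: Security Pack
Content-Type: multipart/mixed; boundary="EdyXlSowzhL"
Return-Path: missblackcat@blueyonder.co.uk

"""

# "from <HELO name> ([<ip>]) by <receiving host>" as written by these relays.
HOP = re.compile(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)\s+by\s+(\S+)")

def received_chain(msg):
    """Hops oldest-first; each relay prepends its Received line on top."""
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def domain(addr):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    helo, ip, relay = received_chain(msg)[0]   # hop recorded by the first relay
    name = parseaddr(msg["From"])[0].lower()
    findings = []
    if "." not in helo:
        findings.append("origin HELO is not a hostname")
    if domain(msg["From"]) != domain(msg["Return-Path"]):
        findings.append("From domain differs from Return-Path domain")
    if name.startswith(("ms ", "microsoft")) and domain(msg["From"]) != "microsoft.com":
        findings.append("display name claims Microsoft, address does not")
    if msg.get_content_type() == "multipart/mixed":
        findings.append("multipart/mixed: may carry an attachment")
    return {"origin_ip": ip, "origin_helo": helo, "first_relay": relay,
            "findings": findings}
```

Only the hop written by a relay you trust is reliable; anything a sender could have inserted below it should be treated as unverified.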


