Email from Microsoft ?

From: Steve Dixon (
Date: 05/22/02

From: "Steve Dixon" <>
Date: Wed, 22 May 2002 02:39:38 -0700

(I have also sent a copy to, as the return
email address in the original message
<> does not exist.)

My virus scanner (Norton) detected your attached files as
having a virus,
with the following message ...

This file: "q216309.zl9" was infected with: "W32.Gibe.dam"

The file was deleted by Norton AntiVirus. Wednesday, May
22, 2002 08:29

(q216309.zl9 was renamed from q216309.EXE by Norton Anti-
Virus as part of
its protection )

I have visited the link on your web site and the file name
is different
(Q321232: Security Update)

I must admit I am a little confused now ? Is this a
genuine update from
Microsoft or a very clever hacker ?


----- Original Message -----
From: "Microsoft Corporation Security Center"
To: "Microsoft Customer" <''>
Sent: Tuesday, May 21, 2002 7:09 PM
Subject: Internet Security Update

Microsoft Customer,

     this is the latest version of security update, the

known security vulnerabilities affecting Internet Explorer
MS Outlook/Express as well as six new vulnerabilities, and
discussed in Microsoft Security Bulletin MS02-005. Install
now to
protect your computer from these vulnerabilities, the most
serious of which
could allow an attacker to run code on your computer.

Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute E-mail
If a malicious user sends an affected HTML e-mail or hosts
an affected
e-mail on a Web site, and a user opens the e-mail or
visits the Web site,
Internet Explorer automatically runs the executable on the
user's computer.

- A vulnerability that could allow an unauthorized user to
learn the
of cached content on your computer. This could enable the
user to launch compiled HTML Help (.chm) files that
contain shortcuts to
executables, thereby enabling the unauthorized user to run
the executables
on your computer.

- A new variant of the "Frame Domain Verification"
vulnerability could
enable a
malicious Web site operator to open two browser windows,
one in the Web
domain and the other on your local file system, and to
pass information from
your computer to the Web site.

- CLSID extension vulnerability. Attachments which end
with a CLSID file
do not show the actual full extension of the file when
saved and viewed with
Windows Explorer. This allows dangerous file types to look
as though they
are simple,
harmless files - such as JPG or WAV files - that do not
need to be blocked.

System requirements:
Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01

How to install
Run attached file q216309.exe

How to use
You don't need to do anything after installing this item.

For more information about these issues, read Microsoft
Security Bulletin
MS02-005, or visit link below.
If you have some questions about this article contact us at

Thank you for using Microsoft products.

With friendly greetings,
MS Internet Security Center.
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft