Is this a hacker's trick?? **WARNING**
From: crazzzz (crazzzz2222@yahoo.ca)
Date: 09/17/02
- Next message: crazzzz: "cant veiw attachments"
- Previous message: FRANCINE: "outlook express"
- In reply to: amcheeks: "Is this a hacker's trick?? **WARNING**"
- Next in thread: George Ruch: "Re: Is this a hacker's trick?? **WARNING**"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "crazzzz" <crazzzz2222@yahoo.ca> Date: Mon, 16 Sep 2002 17:18:37 -0700
>-----Original Message-----
>
>Hi,,,i got an e-mail yesterday and i am trying to find
>out whether it was legit or not,,, i have norton security
>and when i started downloading mail it came up with a
>message saying i had a virus trying to be sent to me..I
>had to have it quarantined and i didn't open attachment,
>but i did see the senders name, the name was pluto and
>they message said ,,,windows xp patch, enjoy,, i didnt'
>open attachment, because i can't see microsoft sending a
>patch that way,, is that possible
>
>
>>-----Original Message-----
>>Today I received this email with an attachment
>q216309.exe
>>supposedly from Microsoft.com {the actual email address
>>was rdquest12@microsoft.com} This is the message:
>>
>>((Microsoft Customer,
>>
>> this is the latest version of security update, the
>>"11 Sep 2002 Cumulative Patch" update which eliminates
>all
>>known security vulnerabilities affecting Internet
>Explorer
>>and
>>MS Outlook/Express as well as six new vulnerabilities,
>and
>>is
>>discussed in Microsoft Security Bulletin MS02-005.
>Install
>>now to
>>protect your computer from these vulnerabilities, the
>most
>>serious of which
>>could allow an attacker to run code on your computer.
>>
>>
>>Description of several well-know vulnerabilities:
>>
>>- "Incorrect MIME Header Can Cause IE to Execute E-mail
>>Attachment" vulnerability.
>>If a malicious user sends an affected HTML e-mail or
>hosts
>>an affected
>>e-mail on a Web site, and a user opens the e-mail or
>>visits the Web site,
>>Internet Explorer automatically runs the executable on
>the
>>user's computer.
>>
>>- A vulnerability that could allow an unauthorized user
>to
>>learn the location
>>of cached content on your computer. This could enable
>the
>>unauthorized
>>user to launch compiled HTML Help (.chm) files that
>>contain shortcuts to
>>executables, thereby enabling the unauthorized user to
>run
>>the executables
>>on your computer.
>>
>>- A new variant of the "Frame Domain Verification"
>>vulnerability could enable a
>>malicious Web site operator to open two browser windows,
>>one in the Web site's
>>domain and the other on your local file system, and to
>>pass information from
>>your computer to the Web site.
>>
>>- CLSID extension vulnerability. Attachments which end
>>with a CLSID file extension
>>do not show the actual full extension of the file when
>>saved and viewed with
>>Windows Explorer. This allows dangerous file types to
>look
>>as though they are simple,
>>harmless files - such as JPG or WAV files - that do not
>>need to be blocked.
>>
>>
>>System requirements:
>>Versions of Windows no earlier than Windows 95.
>>
>>This update applies to:
>>Versions of Internet Explorer no earlier than 4.01
>>Versions of MS Outlook no earlier than 8.00
>>Versions of MS Outlook Express no earlier than 4.01
>>
>>How to install
>>Run attached file q216309.exe
>>
>>How to use
>>You don't need to do anything after installing this
>item.
>>
>>
>>For more information about these issues, read Microsoft
>>Security Bulletin MS02-005, or visit link below.
>>http://www.microsoft.com/windows/ie/downloads/critical/de
>fa
>>ult.asp
>>If you have some questions about this article contact us
>>at rdquest12@microsoft.com
>>
>>Thank you for using Microsoft products.
>>
>>With friendly greetings,
>>MS Internet Security Center.
>>----------------------------------------
>>----------------------------------------
>>Microsoft is registered trademark of Microsoft
>Corporation.
>>Windows and Outlook are trademarks of Microsoft
>>Corporation.))
>>
>>The only reasons I was worried is because one: I have
>>Windows Update and I searched the attachment name
>through
>>Microsoft and there was none. Two: It went to an email
>>address not registered with Microsoft. Is it real or
>fake?
>>
>>.look here
>>http://support.microsoft.com/default.aspx?scid=fh;EN-
CA;sp
>.
>
- Next message: crazzzz: "cant veiw attachments"
- Previous message: FRANCINE: "outlook express"
- In reply to: amcheeks: "Is this a hacker's trick?? **WARNING**"
- Next in thread: George Ruch: "Re: Is this a hacker's trick?? **WARNING**"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
