MS security Update Virus
From: Richard Mueller (rlmueller_at_ameritech.net)
Date: 09/20/03
Date: Sat, 20 Sep 2003 12:19:49 -0700
Hi,
Good questions. I just spent considerable time cleaning
out my mailbox on a yahoo server. The crazy part is that
the messages are blocked because they look like spam, not
because they are infected. Many more infected messages get
through. The ones blocked are kept in a "bulk" folder for
you to review, again, because they might be spam, not
because they are infected. I configured my yahoo account
to no longer block spam, but allow everything to be
downloaded, then immediately deleted from the yahoo
server. This way, my virus software and firewall can deal
with it. Of course, I never even look at any email until I
have disconnected from the Internet, and I never click on
an attachment. If in doubt, I save to disk and scan.
The only solution I know is to either review your email
online through the Yahoo site, or turn off the spam blocker
(as I did) so your mailbox on their server doesn't fill up
without you even knowing. Of course, then you must deal
with the mail in your email program.
The virus is W32.Swen.
Microsoft info:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/swen.asp
Symantec Info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
Two types of messages are infected:
1. Spoofed Microsoft update or patch messages with *.exe
attachment.
2. Mail delivery failure notices. These don't appear to
have an attachment, but have html source code that
attempts to download or run a script. They are infected.
The latest Norton AntiVirus signature file does not
recognize this virus. Download the beta signature file at
this link, which does recognize it.
ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/beta/symcbetadefsi32.exe
The same thing happened with the Sobig.F virus a few weeks
ago. Most of the mail servers do not recognize the virus.
They block because it looks like spam, or send you mail
delivery failure messages because the addressee is unknown
(not because it's infected). This amazes me.
Richard
Microsoft MVP Scripting and ADSI
>-----Original Message-----
>Hi All,
>I am getting a virus from "xxxx&advisor.ms.com" which gives some
>security upgrade for windows application. Due to this virus size, my
>Yahoo free space is exceeding. What I can do, so that these mails will
>be blocked by yahoo itself. Why yahoo team is not upgrading their mail
>server with this virus details...
>
>Regards
>Shibu
>.
>
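
As an added example (not part of the original message), the two message types described in the post above can be flagged with a short Python triage function. The extensions beyond .exe, the tags beyond script, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
# Assumption: the post names only *.exe and "script"; the other entries are illustrative.
EXEC_EXT = (".exe", ".scr", ".pif", ".bat")
ACTIVE_HTML = re.compile(r"<\s*(script|iframe|object|embed)\b", re.I)

def triage(raw):
    """Return the reasons a raw message matches either pattern described in the post:
    an executable attachment, or an attachment-free HTML body with active content."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            reasons.append("executable attachment: " + name)
        elif part.get_content_type() == "text/html":
            tag = ACTIVE_HTML.search(part.get_content())
            if tag:
                reasons.append("active HTML: <" + tag.group(1).lower() + ">")
    return reasons

# Constructed sample messages (not captured traffic).
SPOOFED_UPDATE = """\
Subject: Latest security patch
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Install the attached update.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Patch.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""
FAKE_BOUNCE = """\
Subject: Undeliverable mail
Content-Type: text/html; charset="us-ascii"

<html><body>Delivery failed.<script src="http://example.invalid/x.js"></script></body></html>
"""
if __name__ == "__main__":
    for sample in (SPOOFED_UPDATE, FAKE_BOUNCE):
        print(triage(sample))
```

A check like this looks at message structure rather than a virus signature, so it is independent of whether the antivirus definitions are current.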