Have you been opening dodgy attachments on yer mail ? I'm asking cos I received a mail from "Microsoft" but when examined it has the return address as
chris@gibbs111.fsnet.co.uk . It comes complete with an executable file which you're supposed to run.
Check your PC dude
(sorry to be the bearer of bad news)
Update, my brother received the same too, he's on T.O.L. as well as me, maybe a link ?
The e-mail source is cut and pasted here in its entirety, bar the file of course
Sorry for the length of the post.
Received: from imailg2.svr.pol.co.uk ([195.92.195.180]) by blueyonder.co.uk with Microsoft SMTPSVC(5.5.1877.757.75);
Sun, 28 Apr 2002 16:22:16 +0100
Received: from modem-817.grommet.dialup.pol.co.uk ([62.25.159.49] helo=pfuckie)
by imailg2.svr.pol.co.uk with smtp (Exim 3.35 #1)
id 171qTj-00070a-00; Sun, 28 Apr 2002 16:20:45 +0100
From: "Microsoft Corporation Security Center"
To: "Microsoft Customer" <'customer@yourdomain.com'>
Subject: Internet Security Update
Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="NextPart_000235"
Message-Id:
Date: Sun, 28 Apr 2002 16:20:45 +0100
Return-Path: chris@gibbs111.fsnet.co.uk
This is a multi-part message in MIME format.
You should read this with client which
supported MIME standard.
--NextPart_000235
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Microsoft Customer,
this is the latest version of security update, the
"24 Apr 2002 Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install now to
protect your computer from these vulnerabilities, the most serious of which
could allow an attacker to run code on your computer.
Description of several well-know vulnerabilities:
- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability.
If a malicious user sends an affected HTML e-mail or hosts an affected
e-mail on a Web site, and a user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the executable on the user's computer.
- A vulnerability that could allow an unauthorized user to learn the location
of cached content on your computer. This could enable the unauthorized
user to launch compiled HTML Help (.chm) files that contain shortcuts to
executables, thereby enabling the unauthorized user to run the executables
on your computer.
- A new variant of the "Frame Domain Verification" vulnerability could enable a
malicious Web site operator to open two browser windows, one in the Web site's
domain and the other on your local file system, and to pass information from
your computer to the Web site.
- CLSID extension vulnerability. Attachments which end with a CLSID file extension
do not show the actual full extension of the file when saved and viewed with
Windows Explorer. This allows dangerous file types to look as though they are simple,
harmless files - such as JPG or WAV files - that do not need to be blocked.
System requirements:
Versions of Windows no earlier than Windows 95.
This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing this item.
For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downloads/critical/default.asp
If you have some questions about this article contact us at rdquest12@microsoft.com
Thank you for using Microsoft products.
With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft Corporation.
--NextPart_000235
Content-Type: application/x-msdownload;
name="q216309.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="q216309.exe"
Cheers Tony,
I've been bombed with virus e-mails, I think we know where they're coming from( think pissed off IT guru)
Appologies to all
I wonder if Microsoft would like to know who is taking thier name in vain?
Thanks again
Chris
No probs, was a bit worried in case you weren't on the ball
Check out Symantec's site regarding this virus and how to get rid of it. http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html
/>
Thanks Mark,
It's Done!
Cheers
Chris
Hey guys, I got the same email, tell me who the IT guru?!? is and I'll send one of my laser guided missiles through his roof, I feel like kicking his arse just for being a knob and making me read a crap email from MS. Is it the prick from the other list, can't remember his name, who posted about the alien shite.
I received it aswell- was a little surprised to be receiving a mail from M$ to say the least!
Were you suggesting that it was Wally from TOL? I'd be interested to know as I've certainly never had any dealings with him at all other than being a
member of TOL.
As far as I know I haven't made too many enemies between the lists (well, none that have let themselves be known to me anyway! )
Who else has recieved it? Guess it could be all people who are on both lists or something? In which case I'd have thought Bob and TheConrod would have
got it too and probably quite a few others.
Looking at what the worm does (on Symantec) I wonder if it might just be some other locoster (who therefore has our e-mail addresses) who's got
infected and the worm has then worked it's way throughout their address list sending it to all of us (with a disguised sender address).
Or maybe I'm too trusting of people!
Maybe we'll one day meet whoever it is at a show....
James
Ok, re-reading the posts I think I'm just being a pleb.
Nothing new there...
The point being it's Chris who inadvertantly sent it to us- having been bombed/infected with it by a "pissed IT guru".
But hey, atleast we know who it was in the first place.
Or have I now got it all wrong?
Oh well, gotta go weld my chassis now.
James
Hey James, a bit off topic but you got me thinking about all this IT poo and how they steal all the exciting words to make what they do seem
exciting, bombed, virus, infected, surf, guru. Hmmmm. It's a bit like advertising isn't it, all the most exciting adverts are for the most boring
products, washing powder, banks, car insurance. Hell I'd never try and make my job sound more exciting, I just don't tell anyone that way they won't
fall asleep on me.
Sorry, Monday afternoon ramblings, time for my medication I think then back to my cubicle to sit at my PC, D'oh! I'm already there.
I wouldn't get too excited about an "IT guru" conspiracy theory... this "worm" moves around by picking up the addresses from a PC and shipping itself
to those locations.
The person who sent it to Chris probably didn't know he had it himself.
David
(Who's very grateful that his AVG virus checker blocked this e-mail worm last night)
What not even the theories that norton and symantic write these worms in the first place to boost sales. Sure there was a MI2 plot in there too.
Too much tele, not enough building.
Anyway I like the 'IT guru' conspiracy theory, it gives me someone to h8 and shout about when I put my bare hand on my newly welded butt joint, its
not much fun blaming yourself for doing something that stoopid.
Yep i got it too
If you recieve an email you're not sure of try looking at it's 'properties' before opening the attachments. You can see where it originated etc. I was a little unsure when I saw the 'helo-pfuckie' line, so binned it!
Hi all,
Once again, massive appologies to you all...Sorry x many
I might buy the random virus theory if I hadn't had 60 odd similar e mails (which my anti virus has caught)since I annoyed someone who we know.
60+ in three months suggests that it's not random to me, It suggests someone who
a. Dosen't like me
b. works in an environment where they could gather viri.
Anyway, chaps, It's a large round of norton anti-virus all round!
Appologies again
Cheers
Chris
No problem Chris, it's not your fault some sad bastard feels like he's nothing better to do than send dodgy emails. He must lead a very sad sad life. So if he's out there and reading this I challenge him to send me one of his dodgy emails, I'll track the puss down. I have the technology and the resources. Sorry but lowlifes like this really make me mad as fuck.
quote:
I might buy the random virus theory if I hadn't had 60 odd similar e mails (which my anti virus has caught)since I annoyed someone who we know.
60+ in three months suggests that it's not random to me
guys, i got it to, but as always, i only download from people i know, if i am a little usure, i delete it!!!!!
I've Given it a try David, but whoever it is knows their onions I'm afraid - all the viri are sent from used once "Hotmail" addresses on public
computers - i.e. untracable (yahoo did think they'd got something but it turned out to be a cyber cafe)
Cheers
Chris
PS I've updated my anti-virus again, and all mail now goes through 5 (count'em) programmes
Just to add my two cents to this, as someone who works in the industry. The people who inadvertently forward the email aren't the ones who should be
blamed for infecting everyone else's machines. The real culprits are the sad little f*cks who sit around and write the viri in the first place.
Just for info, we use Sophos (www.sophos.com). They are very on the ball, and send out updates to the virus software via email. This usually happens
days before all your friends send you an email that says 'dont open this email if you get it'. Personally, my advice is, if in doubt, don't open the
attachment.
I agree with you Stu, and Chris you must really pissed someone off if they had to go to a cyber cafe, pay their £, setup a one off address just to send you some crap. I bet they even took the tape from the security camera when they left. Either that or they aren't getting any if you know what I mean and their membership for the porn sites just ran out. That reminds me.
quote:
I've Given it a try David, but whoever it is knows their onions I'm afraid - all the viri are sent from used once "Hotmail" addresses on public computers - i.e. untracable (yahoo did think they'd got something but it turned out to be a cyber cafe)
Cheers
Chris
Unsurprisingly James,
Yahoo wouldn't give me the location. I suppose they had visions of me kicking the door in and demanding to know all the names of the people who had
ever been in thier cafe!!!!!!
I don't know who it is, and, legally, I wouldn't want to speculate, but I have my suspicions. I have no proof, and thats the important thing. Maybe
who ever it is will grow up a little or get tired.
If I do meet up with the person in the real world, I'm going to rip their head off and sh*t down their neck !!!!!!!(for starters)
Cheers
Chris