Subject: F.A.O. Chris Gibbs (long but very important)
UncleFista

posted on 28/4/02 at 08:31 PM
F.A.O. Chris Gibbs (long but very important)

Have you been opening dodgy attachments on yer mail ? I'm asking cos I received a mail from "Microsoft" but when examined it has the return address as chris@gibbs111.fsnet.co.uk . It comes complete with an executable file which you're supposed to run.
Check your PC dude

(sorry to be the bearer of bad news)

Update, my brother received the same too, he's on T.O.L. as well as me, maybe a link ?

The e-mail source is cut and pasted here in its entirety, bar the file of course

Sorry for the length of the post.


Received: from imailg2.svr.pol.co.uk ([195.92.195.180]) by blueyonder.co.uk with Microsoft SMTPSVC(5.5.1877.757.75);
Sun, 28 Apr 2002 16:22:16 +0100
Received: from modem-817.grommet.dialup.pol.co.uk ([62.25.159.49] helo=pfuckie)
by imailg2.svr.pol.co.uk with smtp (Exim 3.35 #1)
id 171qTj-00070a-00; Sun, 28 Apr 2002 16:20:45 +0100
From: "Microsoft Corporation Security Center"
To: "Microsoft Customer" <'customer@yourdomain.com'>
Subject: Internet Security Update
Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="NextPart_000235"
Message-Id:
Date: Sun, 28 Apr 2002 16:20:45 +0100
Return-Path: chris@gibbs111.fsnet.co.uk

This is a multi-part message in MIME format.
You should read this with client which
supported MIME standard.

--NextPart_000235
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


Microsoft Customer,

this is the latest version of security update, the
"24 Apr 2002 Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install now to
protect your computer from these vulnerabilities, the most serious of which
could allow an attacker to run code on your computer.


Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability.
If a malicious user sends an affected HTML e-mail or hosts an affected
e-mail on a Web site, and a user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the executable on the user's computer.

- A vulnerability that could allow an unauthorized user to learn the location
of cached content on your computer. This could enable the unauthorized
user to launch compiled HTML Help (.chm) files that contain shortcuts to
executables, thereby enabling the unauthorized user to run the executables
on your computer.

- A new variant of the "Frame Domain Verification" vulnerability could enable a
malicious Web site operator to open two browser windows, one in the Web site's
domain and the other on your local file system, and to pass information from
your computer to the Web site.

- CLSID extension vulnerability. Attachments which end with a CLSID file extension
do not show the actual full extension of the file when saved and viewed with
Windows Explorer. This allows dangerous file types to look as though they are simple,
harmless files - such as JPG or WAV files - that do not need to be blocked.


System requirements:
Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01

How to install
Run attached file q216309.exe

How to use
You don't need to do anything after installing this item.


For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downloads/critical/default.asp
If you have some questions about this article contact us at rdquest12@microsoft.com

Thank you for using Microsoft products.

With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft Corporation.

--NextPart_000235
Content-Type: application/x-msdownload;
name="q216309.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="q216309.exe"

chrisg

posted on 28/4/02 at 08:56 PM
Cheers Tony,

I've been bombed with virus e-mails, I think we know where they're coming from (think pissed off IT guru)

Apologies to all

I wonder if Microsoft would like to know who is taking their name in vain?

Thanks again

Chris






Note to all: I really don't know when to leave well alone. I tried to get clever with the mods, then when they gave me a lifeline to see the error of my ways, I tried to incite more trouble via u2u. So now I'm banned, never to return again. They should have done it years ago!

UncleFista

posted on 28/4/02 at 09:09 PM
No probs, was a bit worried in case you weren't on the ball





Tony Bond / UncleFista

Love is like a snowmobile, speeding across the frozen tundra.
Which suddenly flips, pinning you underneath.
At night the ice-weasels come...

MarkD

posted on 28/4/02 at 09:27 PM
Check out Symantec's site regarding this virus and how to get rid of it. http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html

chrisg

posted on 28/4/02 at 10:18 PM
Thanks Mark,

It's Done!

Cheers

Chris





Dunc

posted on 28/4/02 at 10:19 PM
Hey guys, I got the same email, tell me who the IT guru?!? is and I'll send one of my laser guided missiles through his roof, I feel like kicking his arse just for being a knob and making me read a crap email from MS. Is it the prick from the other list, can't remember his name, who posted about the alien shite.

James

posted on 29/4/02 at 02:25 PM
I received it as well - was a little surprised to be receiving a mail from M$ to say the least!

Were you suggesting that it was Wally from TOL? I'd be interested to know as I've certainly never had any dealings with him at all other than being a member of TOL.
As far as I know I haven't made too many enemies between the lists (well, none that have let themselves be known to me anyway!)

Who else has received it? Guess it could be all people who are on both lists or something? In which case I'd have thought Bob and TheConrod would have got it too and probably quite a few others.

Looking at what the worm does (on Symantec) I wonder if it might just be some other locoster (who therefore has our e-mail addresses) who's got infected and the worm has then worked its way throughout their address list sending it to all of us (with a disguised sender address).

Or maybe I'm too trusting of people!


Maybe we'll one day meet whoever it is at a show....

James

James

posted on 29/4/02 at 02:31 PM
Ok, re-reading the posts I think I'm just being a pleb.
Nothing new there...

The point being it's Chris who inadvertently sent it to us - having been bombed/infected with it by a "pissed IT guru".

But hey, at least we know who it was in the first place.

Or have I now got it all wrong?

Oh well, gotta go weld my chassis now.

James

Dunc

posted on 29/4/02 at 03:23 PM
Hey James, a bit off topic but you got me thinking about all this IT poo and how they steal all the exciting words to make what they do seem exciting, bombed, virus, infected, surf, guru. Hmmmm. It's a bit like advertising isn't it, all the most exciting adverts are for the most boring products, washing powder, banks, car insurance. Hell I'd never try and make my job sound more exciting, I just don't tell anyone that way they won't fall asleep on me.

Sorry, Monday afternoon ramblings, time for my medication I think then back to my cubicle to sit at my PC, D'oh! I'm already there.

David Jenkins

posted on 29/4/02 at 03:42 PM
I wouldn't get too excited about an "IT guru" conspiracy theory... this "worm" moves around by picking up the addresses from a PC and shipping itself to those locations.

The person who sent it to Chris probably didn't know he had it himself.



David

(Who's very grateful that his AVG virus checker blocked this e-mail worm last night)

Dunc

posted on 29/4/02 at 04:00 PM
What, not even the theories that Norton and Symantec write these worms in the first place to boost sales? Sure there was a MI2 plot in there too.

Too much tele, not enough building.

Anyway I like the 'IT guru' conspiracy theory, it gives me someone to h8 and shout about when I put my bare hand on my newly welded butt joint, it's not much fun blaming yourself for doing something that stoopid.

bob

posted on 29/4/02 at 06:22 PM
Yep I got it too






merlin

posted on 29/4/02 at 08:17 PM
If you receive an email you're not sure of try looking at its 'properties' before opening the attachments. You can see where it originated etc. I was a little unsure when I saw the 'helo-pfuckie' line, so binned it!
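
The header checks merlin describes, applied to a message shaped like the one quoted in the first post. This is an added example, not part of the thread: the sample message is constructed with placeholder hosts and addresses, and `triage` and `RISKY_EXT` are names made up here.

```python
import email
import re
from email import policy
from email.utils import parseaddr
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")

# Constructed sample modelled on the message quoted in the thread. Hosts and
# addresses are placeholders; the attachment body is a harmless stub.
SAMPLE = """\
Received: from relay.example.net ([192.0.2.10]) by mx.example.org; Sun, 28 Apr 2002 16:22:16 +0100
Received: from dialup-817.example.net ([198.51.100.49] helo=somepc) by relay.example.net with smtp; Sun, 28 Apr 2002 16:20:45 +0100
From: "Microsoft Corporation Security Center" <update@vendor.example>
Subject: Internet Security Update
Return-Path: someone@isp.example
Content-Type: multipart/mixed; boundary="NextPart_000235"

--NextPart_000235
Content-Type: text/plain; charset="us-ascii"

Run attached file q216309.exe

--NextPart_000235
Content-Type: application/x-msdownload; name="q216309.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="q216309.exe"

c3R1Yg==
--NextPart_000235--
"""

def triage(raw):
    """Return warning strings for one raw message, without opening any attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = []
    name, addr = parseaddr(str(msg.get("From", "")))
    rp = parseaddr(str(msg.get("Return-Path", "")))[1]
    from_dom = addr.rpartition("@")[2].lower()
    rp_dom = rp.rpartition("@")[2].lower()
    if rp_dom and rp_dom != from_dom:
        out.append(f"return-path: {rp_dom} does not match From domain {from_dom or '(none)'}")
    genuine = from_dom == "microsoft.com" or from_dom.endswith(".microsoft.com")
    if "microsoft" in name.lower() and not genuine:
        out.append("display-name: claims Microsoft, address is not microsoft.com")
    hops = [str(h) for h in msg.get_all("Received", [])]
    # The last Received header is the first hop; helo= is what the sender announced.
    helo = re.search(r"helo=([^\s)]+)", hops[-1]) if hops else None
    if helo and "." not in helo.group(1):
        out.append(f"helo: sending host announced itself as '{helo.group(1)}'")
    for part in msg.walk():
        fname = part.get_filename() or ""
        if fname.lower().endswith(RISKY_EXT):
            out.append(f"attachment: {fname} ({part.get_content_type()})")
    return out
```

Calling `triage(SAMPLE)` returns four warnings, one per check; a message whose From and Return-Path agree and which carries no executable returns an empty list.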
chrisg

posted on 29/4/02 at 10:03 PM
Hi all,

Once again, massive apologies to you all... Sorry x many

I might buy the random virus theory if I hadn't had 60 odd similar e mails (which my anti virus has caught) since I annoyed someone who we know.

60+ in three months suggests that it's not random to me. It suggests someone who

a. Doesn't like me

b. works in an environment where they could gather viri.

Anyway, chaps, It's a large round of norton anti-virus all round!

Apologies again

Cheers

Chris





Dunc

posted on 29/4/02 at 10:11 PM
No problem Chris, it's not your fault some sad bastard feels like he's nothing better to do than send dodgy emails. He must lead a very sad sad life. So if he's out there and reading this I challenge him to send me one of his dodgy emails, I'll track the puss down. I have the technology and the resources. Sorry but lowlifes like this really make me mad as fuck.

David Jenkins

posted on 30/4/02 at 08:05 AM
quote:

I might buy the random virus theory if I hadn't had 60 odd similar e mails (which my anti virus has caught) since I annoyed someone who we know.

60+ in three months suggests that it's not random to me


Sounds like a case for escalating the problem to either abuse@... (though that might end up with the same person, if I get your drift), or to one of the virus authorities (you'll find details at the Symantec and AVG sites).

They might be very interested in nailing someone who's wilfully sending viruses around.

Dazza

posted on 30/4/02 at 06:50 PM
Guys, I got it too, but as always, I only download from people I know, if I am a little unsure, I delete it!!!!!





fuckit

chrisg

posted on 30/4/02 at 06:53 PM
I've given it a try David, but whoever it is knows their onions I'm afraid - all the viri are sent from used once "Hotmail" addresses on public computers - i.e. untraceable (yahoo did think they'd got something but it turned out to be a cyber cafe)

Cheers

Chris

PS I've updated my anti-virus again, and all mail now goes through 5 (count'em) programmes





StuartA

posted on 1/5/02 at 11:52 AM
Just to add my two cents to this, as someone who works in the industry. The people who inadvertently forward the email aren't the ones who should be blamed for infecting everyone else's machines. The real culprits are the sad little f*cks who sit around and write the viri in the first place.

Just for info, we use Sophos (www.sophos.com). They are very on the ball, and send out updates to the virus software via email. This usually happens days before all your friends send you an email that says 'don't open this email if you get it'. Personally, my advice is, if in doubt, don't open the attachment.

Dunc

posted on 1/5/02 at 12:35 PM
I agree with you Stu, and Chris you must have really pissed someone off if they had to go to a cyber cafe, pay their £, setup a one off address just to send you some crap. I bet they even took the tape from the security camera when they left. Either that or they aren't getting any if you know what I mean and their membership for the porn sites just ran out. That reminds me.

James

posted on 1/5/02 at 02:54 PM
quote:
I've given it a try David, but whoever it is knows their onions I'm afraid - all the viri are sent from used once "Hotmail" addresses on public computers - i.e. untraceable (yahoo did think they'd got something but it turned out to be a cyber cafe)
Cheers
Chris



I guess this suggests even more strongly that it is a 'certain person' (him being relatively technically proficient); most people don't realise that these things are traceable at all if they're using hotmail/yahoo etc.

It'd be interesting to track the geographical location of the suspect's IP address and check this against the location of that cyber cafe - see if they tie up to the same region or anything.

I remember reading on The Register ( http://www.theregister.co.uk ) once how the FBI had tracked down someone who'd stolen some classified military documents and was trying to sell them. He'd tried various tactics to disguise it being him - even used a different cyber cafe each time to help him cover tracks. Once the Feds started tracking it they found the location of each cyber cafe and cross-referenced it against the list of employees' addresses. When they found one particular person was at the centre of these cafes they knew who specifically they needed to nail.

James

chrisg

posted on 1/5/02 at 06:03 PM
Unsurprisingly James,

Yahoo wouldn't give me the location. I suppose they had visions of me kicking the door in and demanding to know all the names of the people who had ever been in their cafe!!!!!!

I don't know who it is, and, legally, I wouldn't want to speculate, but I have my suspicions. I have no proof, and that's the important thing. Maybe whoever it is will grow up a little or get tired.

If I do meet up with the person in the real world, I'm going to rip their head off and sh*t down their neck !!!!!!!(for starters)

Cheers

Chris





All content © 2001-16 LocostBuilders. Reproduction prohibited
Opinions expressed in public posts are those of the author and do not necessarily represent
the views of other users or any member of the LocostBuilders team.