Message-ID: <061e01c2fe06$6f985bb0$0300a8c0@goliath>
From: gregory.lebras at security-corporation.com (Gregory Le Bras | Security Corporation)
Subject: Fwd: Internet Security Update

> Folks,
>
> I don't think this is a real Microsoft security announcement
> (they wouldn't be likely to be sent via an unknown IP address over in
> the space owned by hiwaay.net), but it does appear to be the result
> of a hoax, a virus, or a Trojan Horse that I have not yet heard of.
>
> I've done various searches via Google and on the web sites of the
> anti-virus vendors, and haven't turned up anything on this issue.
> Have I missed something?

I also received an e-mail of the same type some days ago...

The attached file was named: update8.exe (155 468 bytes)

We can see in this file and in your file the following message: "Coded
...by Begbie, Slovakia"

I've also done various searches via Google and Symantec.com, and haven't
found anything... Is this a new trojan, virus or other?

I'll try to analyse the attached file.

Here is the e-mail:

Return-Path: <alexis.c@...bi.com>
Delivered-To: gregory.lebras@...urity-corp.org
Received: (qmail 22973 invoked by uid 503); 7 Apr 2003 21:38:43 -0000
Received: from unknown (HELO rwcrmhc51.attbi.com) (204.127.198.38)
  by ns3518.ovh.net with SMTP; 7 Apr 2003 21:38:43 -0000
Date: Mon, 7 Apr 2003 21:38:34 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from nbljlas (12-252-188-53.client.attbi.com[12.252.188.53])
          by rwcrmhc51.attbi.com (rwcrmhc51) with SMTP
          id <2003040721382305100lu7bte>; Mon, 7 Apr 2003 21:38:31 +0000
FROM: "Microsoft Security Section" <oihcdygjr_146294@...pWouWTm.com>
TO: "Microsoft Partner"
SUBJECT: New Internet Security Pack
X-Virus-Scanned: AVG
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="IGHvGmOLeSCacrkqAXyF"

--IGHvGmOLeSCacrkqAXyF
Content-Type: multipart/alternative; boundary="ZwqFxVeUubmrSH"

--ZwqFxVeUubmrSH
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Microsoft Partner

this is the latest version of security update, the
"April 2003, Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly discovered
vulnerabilities. Install now to protect your computer from these
vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality
of all previously released patches.

System requirements:
Win 9x/Me/2000/NT/XP

This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later

Recommendation:
Customers should install the patch at the earliest opportunity.

How to install:
Run attached file. Click Yes on displayed dialog box.

How to use:
You don't need to do anything after installing this item.

Microsoft Technical Support is available at
http://support.microsoft.com/

For security-related information about Microsoft products,
please visit the Microsoft Security Advisor web site at
http://www.microsoft.com/security

Contact us at
http://www.microsoft.com/isapi/goregwiz.asp?target=3D/contactus/=
contactus.asp


Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

Thank you for using Microsoft products.

With friendly greetings,
Microsoft Security Section
________________________________________
=A92003 Microsoft Corporation. All rights reserved. The names of =
the actual companies
and products mentioned herein =
may be the trademarks of their respective owners.


---
Outgoing mail is certified Virus Free.
Checked by Symantec anti-virus system (http://www.symantec.com).
Release Date: 18.3.2003

--ZwqFxVeUubmrSH
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<BASEFONT SIZE=3D"2"><BR>
Microsoft Partner
<BR><BR>
this is the latest version of security update, the<BR>
"April 2003, Cumulative Patch" update which eliminates<BR>
all known security vulnerabilities affecting Internet Explorer,<BR>
Outlook and Outlook Express as well as five newly<BR>
discovered vulnerabilities. Install now to protect your computer<BR>
from these vulnerabilities, the most serious of which could allow<BR>
an attacker to run executable on your system. This update includes<BR>
the functionality of all previously released patches.<BR><BR>

<TABLE BORDER=3D"3" CELLPADDING=3D"3" BGCOLOR=3D"#80CBF6">
<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">System requirements</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"2">Win 9x/Me/2000/NT/XP</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">This update applies to</FONT></TD>
<TD NOWRAP>
<FONT SIZE=3D"2">
Microsoft Internet Explorer, version 4.01 and later<BR>
Microsoft Outlook, version 8.00 and later<BR>
Microsoft Outlook Express, version 4.01 and later
</FONT>
</TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">Recommendation</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"2">Customers should install the patch =
at the earliest opportunity.</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">How to install</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"2">Run attached file. =
Click Yes on displayed dialog box.</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"2">How to use</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"2">You don't need to do =
anything after installing this item.</FONT></TD>
</TR>
</TABLE>
<BR>

Microsoft Product Support Services and Knowledge Base articles<BR>
can be found on the <A HREF=3D"http://support.microsoft.com/">=
Microsoft Technical Support</A> web site.<BR>
For security-related information about Microsoft products, please<BR>
visit the <A HREF=3D"http://www.microsoft.com/security">
Microsoft Security Advisor</A> web site, =
or <A HREF=3D"http://www.microsoft.com/isapi/goregwiz.asp?=
target=3D/contactus/contactus.asp">Contact us.</A><BR><BR>

Please do not reply to this message. It was sent from an unmonitored<BR>
e-mail address and we are unable to respond to any replies.
<BR><BR>
Thank you for using Microsoft products.
<BR><BR>
With friendly greetings,
<BR>
Microsoft Security Section<BR>
<HR COLOR=3D"Blue" SIZE=3D"2" WIDTH=3D"400" ALIGN=3D"left">
<FONT COLOR=3D"Gray">=A92003 Microsoft Corporation. All =
rights reserved. The names of the actual companies<BR>
and products mentioned herein may be the trademarks of =
their respective owners.</FONT>

<BR><BR>---
<BR>Outgoing mail is certified Virus Free.
<BR>Checked by Symantec anti-virus system (http://www.symantec.com).
<BR>Release Date: 18.3.2003

</BODY></HTML>


Regards,

-------
Gregory LEBRAS
Chief Executive Officer
Security Corporation

www.security-corporation.com
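
The header and attachment traits visible in the forwarded message above, expressed as a mail-triage check. This is an added example, not part of the original post; the sample message is constructed (its addresses and attachment bytes are placeholders), and `BRAND_DOMAINS`, `RISKY_EXT` and the indicator names are assumptions.

```python
import email
from email.utils import parseaddr

# Constructed sample modelled on the forwarded message; the sender domain
# and the attachment bytes are placeholders, not values from the post.
SAMPLE = b"""\
X-Comment: Sending client does not conform to RFC822 minimum requirements
FROM: "Microsoft Security Section" <sender@random-domain.example>
TO: "Microsoft Partner"
SUBJECT: New Internet Security Pack
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain; charset="us-ascii"

Run attached file. Click Yes on displayed dialog box.
--B1
Content-Type: application/octet-stream; name="update8.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="update8.exe"

TVqQAAMAAAAEAAAA
--B1--
"""

# Assumed mapping: brand named in the display name -> domains it mails from.
BRAND_DOMAINS = {"microsoft": ("microsoft.com",)}
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

def indicators(raw: bytes) -> list[str]:
    """Return the spoofed-update traits found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw)
    found = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, ok in BRAND_DOMAINS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in ok)
        if brand in name.lower() and not trusted:
            found.append("display-name-mismatch")
    if "@" not in parseaddr(msg.get("To", ""))[1]:
        found.append("recipient-without-address")  # To: carries only a name
    if any("does not conform to RFC822" in c
           for c in msg.get_all("X-Comment", [])):
        found.append("relay-flagged-nonconformant-client")
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""  # None for containers
        if fname.endswith(RISKY_EXT) or body[:2] == b"MZ":  # DOS/PE magic
            found.append("executable-attachment:" + fname)
    return found
```
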



