Virus (Is this Severely Annoying Anyone Else Yet?)

Tim Wilson [MVP]

Dear All,
As it would appear that many people have been infected with a virus that is
sending around ridiculous email claiming to patch Microsoft software as well
as claiming to be delivery failure notices from qmail, would everyone who
may be affected by this please take the time to download and run the removal
tool for this virus. The removal tool is very small, easy to use, and can be
found here:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
And more information on this virus can be found here:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Thanks
 
Chris Tacke, eMVP

What kind of idiot would think that Microsoft would just send them an EXE
file and that it would be a good idea to run it?

-Chris
 
Tim Wilson [MVP]

Apparently a fair number of people. When I woke up this morning I had about
67 of these in my inbox. And I have been getting these types of emails all
day. Annoying to say the least.
 
Shanti

There are many (not of your kind). That's why we have this problem. If all
are not idiots, this wouldn't be happening. Don't ask what kind of idiot
will write such code!!!
 
Martin Robins

I have now received over 200 copies of this since yesterday morning (UK).
Every one of them has been deleted immediately and the sender added to the
junk senders list.

I must admit though, a number of people at the office received them during
yesterday and (thankfully) spent most of the day asking me whether to
install them. I guess if I had not been there then they would have been run.

Not everybody realises how dangerous emails can be.
 
Alex Clark

Hi,

From WashingtonPost.com
(http://www.washingtonpost.com/wp-srv/technology/articles/svenwormgrafix_091
903.htm) <- (long URL will be wrapped)

"The "Swen" worm arrives in an official-looking e-mail message that appears
to be from Microsoft. Users whose PCs are not patched against the Microsoft
flaw this worm exploits will be infected just by viewing the message, as
will protected users who click on the e-mail attachment."

So basically if you haven't got the latest patch, you can be infected simply
by reading an HTML email??!! I find it ridiculous that mere text can
actually infect your machine: yet another onion in the ointment for the
so-called "Trustworthy Computing Initiative". Well, looks like I'd better
take a trip to my office this weekend and see if my network is infected, as
I made the "mistake" of reading my email on Friday afternoon and this was
definitely in it.


Alex Clark
 
Tim Wilson [MVP]

Again, can people please run this utility
(http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
al.tool.html) to clean your machines. This will also tell you if your
machine was infected with the virus or not. I woke up this morning to about
87 of these in my inbox. And some messages saying that some of my email was
bounced back to the sender because my email capacity at the server was full.
YES, that is right. I ran out of my allotted room on the server because I
had too many of these infected emails with attachments. For all of those
people who may be wondering, this problem will NOT go away until people who
are infected clean their machines. As the utility provided at the link above
is very small to download I don't really see an excuse for people to not run
this just to make sure that they are not infected with this virus.
 
Martin Robins

Taken from Sophos web site
(http://www.sophos.com/virusinfo/analyses/w32gibef.html)

"W32/Gibe-F may attempt to exploit a vulnerability in Microsoft's software
which allows automatic execution of attachments while viewing an email
message. Microsoft issued a patch which reportedly fixes this vulnerability
in 2001. The patch is available from
www.microsoft.com/technet/security/bulletin/MS01-027.asp. (This patch fixes
a number of vulnerabilities in Microsoft's software, including the one
exploited by this worm.)"

I for one ensure that I apply all security patches as soon as they are made
available and as such, despite now receiving some 400+ copies of the message
from various sources, I have not yet been infected. And yes, I have viewed
the message in the preview pane.

Martin.
 
Alex Clark

Hi,
As this patch was issued in 2001, does it mean that MS email clients
released beyond that date are safe? I'm using Outlook XP SR1 both at home
and at work. I can't find much info on what's vulnerable and what's not.

Cheers,
Alex Clark
 
Tim Wilson [MVP]

Sometimes it's difficult to weed through all the security bulletins to find
out all the details. I usually just use Windows Update and everything has
been ok for me so far. If you ever have any doubt about contracting a virus,
you can always just check to see if Symantec has a removal tool
(http://securityresponse.symantec.com/avcenter/tools.list.html). They're
pretty good about releasing these free tools, and typically the tool will
come back and tell you if the virus was found or not.
 
Alex Clark

Hi,
I'll check the network with the Symantec tool you've pointed me to. I keep
all the machines as up-to-date as possible in terms of Windows Update, so
hopefully I'll be okay.

Thanks for your help & guidance on this matter!

Cheers,
Alex Clark



Tim Wilson said:
Sometimes it's difficult to weed through all the security bulletins to find
out all the details. I usually just use Windows Update and everything has
been ok for me so far. If you ever have any doubt about contracting a virus,
you can always just check to see if Symantec has a removal tool
(http://securityresponse.symantec.com/avcenter/tools.list.html). They're
pretty good about releasing these free tools, and typically the tool will
come back and tell you if the virus was found or not.

--
Tim Wilson
Windows Embedded MVP

Alex Clark said:
Hi,
As this patch was issued in 2001, does it mean that MS email clients
released beyond that date are safe? I'm using Outlook XP SR1 both at home
and at work. I can't find much info on what's vulnerable and what's not.

Cheers,
Alex Clark