Newest Internet Security Patch

[anonymous news]

I just got this email with a Microsoft-like blue logo on it (I read it in as
text, instead of HTML, that's why it doesn't look as 'official' as the
original. Needless to say, I didn't install the attachment: "qqxc.exe" that
came with it. Out of curiosity, does anybody know what it really does?

============================================================================
======

Microsoft Customer

this is the latest version of security update, the
"June 2004, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to help protect your computer
from these vulnerabilities.
This update includes the functionality of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
- MS Internet Explorer, version 4.01 and later
- MS Outlook, version 8.00 and later
- MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch at the earliest
opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.


Microsoft Product Support Services and Knowledge Base articles can be found
on the Microsoft Technical Support web site.
http://support.microsoft.com/

For security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site
http://www.microsoft.com/security/

Thank you for using Microsoft products.

Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to respond
to any replies.

 

[Kaylene aka Taurarian]

Microsoft NEVER sends Email with attachments.
http://www.microsoft.com/technet/security/news/patch_hoax.mspx

The attachment was a virus.

 

[Papa]

Any unsolicited email supposedly coming from Microsoft is a hoax, and most
likely includes a virus. Just delete it. Microsoft never sends out
unsolicited email of any kind.

 

[Kevin]

Correct, and if you subscribe to MS Security Bulletins, they now come with
and encrypted PGP verification.

 

[David H. Lipman]

That did NOT warrant posting to so many News Groups!

There are several Internet worms that masquerade as patches from Microsoft. The most common
are; Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft are fully aware of this
problem.

All you can do is...

1. Keep your AV package up-to-date
2. Create email "rules" to auto-delete the offending messages
3. Petition your ISP to install AV software on their respective email servers.
4. Install *all* MS Critical Updates via the Windows Update web site.
5. Always munge your email address when posting to UseNet
6. If all else fails, Change your email address.

Dave




| I just got this email with a Microsoft-like blue logo on it (I read it in as
| text, instead of HTML, that's why it doesn't look as 'official' as the
| original. Needless to say, I didn't install the attachment: "qqxc.exe" that
| came with it. Out of curiosity, does anybody know what it really does?
|
| ============================================================================
| ======
|
| Microsoft Customer
|
| this is the latest version of security update, the
| "June 2004, Cumulative Patch" update which fixes
| all known security vulnerabilities affecting
| MS Internet Explorer, MS Outlook and MS Outlook Express
| as well as three newly discovered vulnerabilities.
| Install now to help protect your computer
| from these vulnerabilities.
| This update includes the functionality of all previously released patches.
|
| System requirements: Windows 95/98/Me/2000/NT/XP
| This update applies to:
| - MS Internet Explorer, version 4.01 and later
| - MS Outlook, version 8.00 and later
| - MS Outlook Express, version 4.01 and later
|
| Recommendation: Customers should install the patch at the earliest
| opportunity.
| How to install: Run attached file. Choose Yes on displayed dialog box.
| How to use: You don't need to do anything after installing this item.
|
|
| Microsoft Product Support Services and Knowledge Base articles can be found
| on the Microsoft Technical Support web site.
| http://support.microsoft.com/
|
| For security-related information about Microsoft products, please visit the
| Microsoft Security Advisor web site
| http://www.microsoft.com/security/
|
| Thank you for using Microsoft products.
|
| Please do not reply to this message.
| It was sent from an unmonitored e-mail address and we are unable to respond
| to any replies.
|
| ----------------------------------------------
| The names of the actual companies and products mentioned herein are the
| trademarks of their respective owners.
| Copyright 2004 Microsoft Corporation.
|
|

 

[Bruce Chambers]

Greetings --

What it does is install a Worm.

What you're apparently receiving is the output of a computer
infected by one of several widely publicized, wide-spread, mass
emailing worms. The virus' authors have deliberately spoofed the
Microsoft information in the hopes of garnering more victims. This
sort of email has been very common for at the last year or more. The
most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Trojan.Xombe
http://www.symantec.com/avcenter/venc/data/trojan.xombe.html

Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if, and only
if, you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Remember, any and all legitimate patches and updates are readily
available at http://windowsupdate.microsoft.com/. You should develop
the habit of checking this site at least once a month to keep your
computer up-to-date. (Notice that this is the true URL, rather than
the bogus one that may have been contained in the email you received.)
Any messages that point to any other source(s) or claim to have the
patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps. You can also ask your ISP to take steps to preclude their mail
server from passing on such emails. Many ISPs have such filtering
capabilities.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH