Supposed email from microsoft.

[Tex James]

I received 2 messages today that were suposedly from
microsoft support. However the email address were as
follows: MS Customer Services [[email protected]]
and Microsoft Corporation Security Support
[[email protected]]

both of these had the same text in the body, but the
attached file that both listed were different. One had
the file name pack3242.exe and the other Installation8.exe

The contents were as follows:

Microsoft All Products | Support | Search |
Microsoft.com Guide
Microsoft Home


Microsoft Partner

this is the latest version of security update,
the "September 2003, Cumulative Patch" update which
eliminates all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to help protect your computer. This update
includes the functionality of all previously released
patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version
4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the
earliest opportunity.
How to install Run attached file. Choose Yes on
displayed dialog box.
How to use You don't need to do anything after
installing this item.

Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical Support
web site. For security-related information about
Microsoft products, please visit the Microsoft Security
Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond
to any replies.

----------------------------------------------------------
----------------------
The names of the actual companies and products mentioned
herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms
of Use | Privacy Statement | Accessibility

 

[Larry Samuels MS-MVP XP \(Shell/User\)]

PSS Security Response Team Alert - New E-Mail Worm: W32/Swen@MM

SEVERITY: MODERATE
DATE: September 18, 2003
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail

**********************************************************************

WHAT IS IT?
W32/Swen@MM spreads via e-mail and network shares. The Microsoft
Product Support Services Security Team is issuing this alert to advise
customers to be on the alert for this virus as it spreads in the wild.
Customers are advised to review the information and take the appropriate
action for their environments.

IMPACT OF ATTACK: Mass Mailing, disabling processes related to security
software such as antivirus and firewall software

TECHNICAL DETAILS:
For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit the following links:

Network Associates:

http://vil.nai.com/vil/content/v_100662.htm

Trend Micro:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWE
N.A

Symantec

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
ml

Computer Associates:

http://www3.ca.com/virusinfo/virus.aspx?ID=36939

For more information on Microsoft's Virus Information Alliance please
visit this link: http://www.microsoft.com/technet/security/virus/via.asp


Please contact your Antivirus Vendor for additional details on this
virus.


PREVENTION:

1. This worm is exploiting a previously patched vulnerability. The
vulnerability exploited is related to the following Microsoft Security
Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp

As always, customers are advised to install the latest security patch
for Internet Explorer. Information on the latest cumulative security
patch for
Internet Explorer can be found here:
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

2. Outlook 2000 post SP2 and Outlook XP SP1 include the most recent
updates to improve the security in Outlook and other Office programs.
This includes the functionality to block potentially harmful attachment
types. If you are running either of these versions, they will (by
default) block the attachment, and you will be unable to open it.

To ensure you are using the latest version of Office click here:
http://office.microsoft.com/ProductUpdates/default.aspx

By default, Outlook 2000 pre SR1 and Outlook 98 did not include this
functionality, but it can be obtained by installing the Outlook E-mail
Security Update. More information about the Outlook E-mail Security
Update can be found here:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

Outlook Express 6 can be configured to block access to
potentially-damaging attachments. Information about how to configure
this can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291387

Outlook Express all other versions: Previous versions of Outlook Express
do not contain attachment-blocking functionality. Please exercise
extreme caution when opening unsolicited e-mail messages with
attachments.

Web-based e-mail programs: Use of a program-level firewall can protect
you from being infected with this virus through Web-based e-mail
programs.

RECOVERY:
If your computer has been infected with this virus, please contact your
preferred antivirus vendor or Microsoft Product Support Services for
assistance with removing it.

TECHNET SECURITY LINK:
http://www.microsoft.com/technet/security/virus/alerts/swen.asp

As always please make sure to use the latest Anti-Virus detection from
your Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your
Microsoft representative or 1-866-727-2338 (1-866-PCSafety) within the
US, outside of the US please contact your local Microsoft Subsidiary.
Support for virus related issues can also be obtained from the Microsoft
Virus Support Newsgroup which can be located by clicking on the
following link
news://msnews.microsoft.com/microsoft.public.security.virus.

PSS Security Response Team

--
Larry Samuels MS-MVP (Windows-Shell/User)
Associate Expert
Unofficial FAQ for Windows Server 2003 at
http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
Expert Zone -

I received 2 messages today that were suposedly from
microsoft support. However the email address were as
follows: MS Customer Services [[email protected]]
and Microsoft Corporation Security Support
[[email protected]]

both of these had the same text in the body, but the
attached file that both listed were different. One had
the file name pack3242.exe and the other Installation8.exe

The contents were as follows:

Microsoft All Products | Support | Search |
Microsoft.com Guide
Microsoft Home


Microsoft Partner

this is the latest version of security update,
the "September 2003, Cumulative Patch" update which
eliminates all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to help protect your computer. This update
includes the functionality of all previously released
patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version
4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the
earliest opportunity.
How to install Run attached file. Choose Yes on
displayed dialog box.
How to use You don't need to do anything after
installing this item.

Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical Support
web site. For security-related information about
Microsoft products, please visit the Microsoft Security
Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond
to any replies.

----------------------------------------------------------
----------------------
The names of the actual companies and products mentioned
herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms
of Use | Privacy Statement | Accessibility

 

[Yazzo]

1. Never use your real email address on these forums: you
are a sitting duck for these vultures.
2. Block all mail containing attachments, through your
email program.

 

[ncowgill]

Thats a Virus (worm)vil.nai.com

 

[Alex McFarlane]

I checked the attachments with NAV, it was dripping with more viruses
than a ....... (reference to Sexually Transmitted diseases and body
parts withdrawn here for the sake of decency).
Use the update function in XP if you have to>

I received 2 messages today that were suposedly from
microsoft support. However the email address were as
follows: MS Customer Services [[email protected]]
and Microsoft Corporation Security Support
[[email protected]]

both of these had the same text in the body, but the
attached file that both listed were different. One had
the file name pack3242.exe and the other Installation8.exe

The contents were as follows:

Microsoft All Products | Support | Search |
Microsoft.com Guide
Microsoft Home


Microsoft Partner

this is the latest version of security update,
the "September 2003, Cumulative Patch" update which
eliminates all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to help protect your computer. This update
includes the functionality of all previously released
patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version
4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the
earliest opportunity.
How to install Run attached file. Choose Yes on
displayed dialog box.
How to use You don't need to do anything after
installing this item.

Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical Support
web site. For security-related information about
Microsoft products, please visit the Microsoft Security
Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an
unmonitored e-mail address and we are unable to respond
to any replies.

----------------------------------------------------------
----------------------
The names of the actual companies and products mentioned
herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms
of Use | Privacy Statement | Accessibility