Updates


Ben

Can someone please tell me why I am being bombarded with
supposedly MS updates? I am receiving about 6 a day. How
can I tell if they are legitimate? If I do a Windows
Update from Start, there are none available.
Secondly: I am also receiving inordinate amounts of e-mail
returns and errors for e-mail I never sent. The recipient
usually is any combination of letters. Example:
AXXEMP2yahoo.com, AOL.com or any of the ISPs.
I have Spybot.com installed and I still get them.
Thanks in advance for your response.
Ben
 
I'm not sure what the answer is to your first question,
however, I'll bet that the answer to your second question
would boil down to "klez" or "sobig". Someone that has
your address in their Windows Address Book was recently
infected by klez or sobig. www.trendmicro.com has ample
documentation on these two little bugs.
 
Ben said:
Can someone please tell me why I am being bombarded with
supposedly MS updates? I am receiving about 6 a day. How
can I tell if they are legitimate? If I do a Windows
Update from Start, there are none available.
Secondly: I am also receiving inordinate amounts of e-mail
returns and errors for e-mail I never sent. The recipient
usually is any combination of letters. Example:
AXXEMP2yahoo.com, AOL.com or any of the ISPs.
I have Spybot.com installed and I still get them.
Thanks in advance for your response.

Hi Ben,

It's a virus. Microsoft never emails patches.

Probably Sobig-B or something similar.
http://www.sophos.com/virusinfo/articles/palyh.html
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

"Swen" is pretty active lately
http://www.europe.f-secure.com/v-descs/swen.shtml#details
 
Most certainly you are receiving these e-mails because you have sent your
e-mail address to an untrustworthy web site in a form, or it is in a friend's
infected computer or a news group which is picked up by this worm.

The worm/virus is probably one of the following:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Also:
< Microsoft never has, does not currently, and never will email
unsolicited security patches.>


I have received many of these e-mails, claiming they couldn't deliver my
messages to any of those (untrue) addresses and such...
The only way to get rid of them is to use filters provided with your e-mail
service.

------
WARNING:

Many of these e-mails can self-execute the attached file (the worm) when
you only open or see the preview of the e-mail sent to you, even without
opening the attachment... If you receive them, delete them immediately
even without opening them. (This is due to a famous vulnerability in IE
while rendering HTML messages with wrong MIME headers and executing
such files, which I still see exists in OE 6 and IE 6 that came with Win XP.)

------
A good guide:
The worm has a fixed file size..., something about 145KB, 150KB or around it. So
if your e-mails --with any subjects or From line text-- are of the mentioned
size or something around it, please delete the message immediately.

------

Some famous forms of these infected messages:

1- From: Microsoft Corporation Program Se Subject: Network security Upgrade Size: 143KB

2- From: Public Assistance Subject: net update Size: 130KB

3- From: Admin Subject: Error Letter Size: 150KB

4- From: MS Corporation Security Center Subject: Newest Net Update Size: 145KB

5- From: Admin Subject: Message Size: 125KB

6- From: Network Security Section Subject: "NO SUBJECT" Size: 150KB

7- From: Net message delivery Subject: No delivery found Size: 144KB



Good luck
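
The checks described in the post above (a message claiming to be a Microsoft patch, an executable attachment, a total size around 125-150KB), written as a mail triage function. This is an added example, not part of the original thread; the extension list, the size slack, the addresses and the sample messages are assumptions constructed for illustration, and the attachment is only zero bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

SIZE_BAND = (120 * 1024, 155 * 1024)  # sizes quoted in the thread, plus slack (assumption)
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed executable extensions
VENDOR_WORDS = ("microsoft", "ms corporation")  # sender names listed in the thread

def triage(raw: bytes) -> list:
    """Return the reasons a raw message matches the worm mail described above.

    The message is only parsed, never rendered, so no HTML or attachment runs.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    attachments = list(msg.iter_attachments())
    has_exec = any((a.get_filename() or "").lower().endswith(EXEC_EXT)
                   for a in attachments)
    reasons = []
    if has_exec:
        reasons.append("executable attachment")
    # Microsoft does not e-mail patches, so this combination is never legitimate.
    if has_exec and any(word in sender for word in VENDOR_WORDS):
        reasons.append("claims to be a Microsoft patch")
    if attachments and SIZE_BAND[0] <= len(raw) <= SIZE_BAND[1]:
        reasons.append("message size in 125-150KB band")
    return reasons

def build_sample(sender, subject, filename, payload_size) -> bytes:
    """Construct an inert sample message (constructed data, zero-byte payload)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "ben@example.com"
    msg["Subject"] = subject
    msg.set_content("See attachment.")
    msg.add_attachment(bytes(payload_size), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    samples = [
        ("MS Corporation Security Center <security@example.com>",
         "Newest Net Update", "patch.exe", 100 * 1024),
        ("Admin <admin@example.com>", "Error Letter", "letter.scr", 100 * 1024),
        ("Friend <friend@example.com>", "Holiday notes", "notes.txt", 2048),
    ]
    for sample in samples:
        print(sample[1], "->", triage(build_sample(*sample)))
```

A size match alone is weak evidence, which is why the function reports each reason separately instead of returning a single verdict.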




 