virus mail from MS (not really MS though)

M

me

i thought MS might like to see the e-mail virus i got
explaining how it is an update. i have posted the e-mail
below. i have no idea how to contact or e-mail MS about
this as they seem to spend a lot of money to ensure that
people cannot contact them :mad: i wasted 1/2 hour
already on the phone and interent trying to find info on
how to send them an e-mail to make them aware of this but
i am done trying, here you go MS as this is the only info
i can get to you :(.

BTW, this was sent from --> Program Security Section
[[email protected]] <--

<HTML>
<HEAD>
<style type='text/css'>.navtext{color:#ffffff;text-
decoration:none}
</style>
</HEAD>

<BODY BGCOLOR="White" TEXT="Black">
<BASEFONT SIZE="2" face="verdana,arial">
<TABLE WIDTH="600" HEIGHT="40" BGCOLOR="#1478EB">
<TR height="20">
<TD ALIGN="left" VALIGN="TOP" WIDTH="400"
ROWSPAN="2">&nbsp;
<FONT FACE="sans-serif" SIZE="5"><I><B>
<A class='navtext' HREF="http://www.microsoft.com/"
TITLE="Microsoft Home Site" target="_top">Microsoft</A>
</B></I></FONT>
</TD>

<TD ALIGN="right" VALIGN="MIDDLE" BGCOLOR="Black" NOWRAP>
<FONT color="#ffffff" size=1>&nbsp;
<A class='navtext'
href='http://www.microsoft.com/catalog/'
target="_top">All Products</A>&nbsp;|&nbsp;
<A class='navtext' href='http://support.microsoft.com/'
target="_top">Support</A>&nbsp;|&nbsp;
<A class='navtext' href='http://search.microsoft.com/'
target="_top">Search</A>&nbsp;|&nbsp;
<A class='navtext' href='http://www.microsoft.com/'
target=_top>
Microsoft.com Guide</A>&nbsp;
</FONT>
</TD>
</TR>

<TR>
<TD ALIGN="right" VALIGN="BOTTOM" NOWRAP>
<FONT FACE="Verdana, Arial" SIZE=1><B>
<A class='navtext' HREF='http://www.microsoft.com/'
TARGET=" top">
Microsoft Home</A>&nbsp;&nbsp;</B>
</FONT>
</TD>
</TR>
</TABLE>

&nbsp;<IMG SRC="cid:legfrlv" BORDER="0"><BR><BR>
<TABLE WIDTH="600"><TR><TD><FONT SIZE="2">
MS Client<BR><BR>
this is the latest version of security update, the
"July 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to help maintain the security of your computer
from these vulnerabilities, the most serious of which
could
allow an attacker to run code on your system.
This update includes the functionality of all previously
released patches.
</FONT></TD></TR>
</TABLE>

<BR><BR>
<TABLE BORDER="1" CELLSPACING="1" CELLPADDING="3"
WIDTH="600">
<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle" BORDER="0">&nbsp;System requirements</B>
</FONT></TD>
<TD NOWRAP><FONT SIZE="1">Windows
95/98/Me/2000/NT/XP</FONT></TD>
</TR>

<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle" BORDER="0">&nbsp;This update applies
to</B>
</FONT></TD><TD NOWRAP>
<FONT SIZE="1">
MS Internet Explorer, version 4.01 and later<BR>
MS Outlook, version 8.00 and later<BR>
MS Outlook Express, version 4.01 and later
</FONT>
</TD>
</TR>

<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle"
BORDER="0">&nbsp;Recommendation</B></FONT></TD>
<TD NOWRAP><FONT SIZE="1">Customers should install the
patch at the earliest opportunity.</FONT></TD>
</TR>

<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle" BORDER="0">&nbsp;How to
install</B></FONT></TD>
<TD NOWRAP><FONT SIZE="1">Run attached file. Choose Yes
on displayed dialog box.</FONT></TD>
</TR>

<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle" BORDER="0">&nbsp;How to
use</B></FONT></TD>
<TD NOWRAP><FONT SIZE="1">You don't need to do anything
after installing this item.</FONT></TD>
</TR>
</TABLE>
<BR>

<TABLE WIDTH="600"><TR><TD><FONT SIZE="2">
Microsoft Product Support Services and Knowledge Base
articles
can be found on the <A
HREF="http://support.microsoft.com/"
TARGET="_top">Microsoft Technical Support</A> web site.
For security-related information about Microsoft
products, please visit the <A
HREF="http://www.microsoft.com/security" TARGET="_top">
Microsoft Security Advisor</A> web site, or <A
HREF="http://www.microsoft.com/contactus/contactus.asp"
TARGET="_top">Contact Us.</A>
<BR><BR>
Thank you for using Microsoft products.<BR><BR></FONT>
<FONT SIZE="1">Please do not reply to this message. It
was sent from an unmonitored e-mail address and we are
unable to respond to any replies.<BR></FONT>

<HR COLOR="Silver" SIZE="1" WIDTH="100%">
<FONT SIZE="1" COLOR="Gray">The names of the actual
companies and products mentioned herein are the
trademarks of their respective owners.</FONT>
</TD></TR></TABLE>

<BR>
<TABLE WIDTH="600" HEIGHT="45" BGCOLOR="#1478EB">
<TR VALIGN="TOP">
<TD WIDTH="5"></TD>
<TD>
<FONT COLOR="#FFFFFF" SIZE="1"><B>
<A class='navtext'
HREF="http://www.microsoft.com/contactus/contactus.asp"
TARGET="_top">Contact Us</A>
&nbsp;|&nbsp;
<A class='navtext' HREF="http://www.microsoft.com/legal/"
TARGET="_top">Legal</A>
&nbsp;|&nbsp;
<A class='navtext'
HREF="https://www.truste.org/validate/605" TARGET="_top"
TITLE="TRUSTe - Click to Verify">TRUSTe</A>
</FONT></B>
</TD>
</TR>

<TR VALIGN="MIDDLE">
<TD WIDTH="5"></TD>
<TD>
<FONT COLOR="#FFFFFF" SIZE="1">
&copy;2003 Microsoft Corporation. All rights reserved.
<A STYLE="color:#FFFFFF;"
HREF="http://www.microsoft.com/info/cpyright.htm"
TARGET="_top">Terms of Use</A>
&nbsp;|&nbsp;
<A STYLE="color:#FFFFFF;"
HREF="http://www.microsoft.com/info/privacy.htm"
TARGET="_top">
Privacy Statement</A>&nbsp;|&nbsp;
<A STYLE="color:#FFFFFF;"
HREF="http://www.microsoft.com/enable/"
TARGET="_top">Accessibility</A>
</FONT>
</TD>
</TR>

</TABLE>
</BODY>
</HTML>
 
D

dlw

The first thing you have to realize is that the FROM
address on an email is totally meaningless. Anyone can
put anything they want as the FROM address. See where I
typed in my address, that's just how easy it is to make a
MS from address. You need to look at the headers to find
out where it really came from, and most of the time it's
going to point you to Korea, or some other place where
there's just nothing anyone can do about it.
 
B

Brett Sterner

I have recieved four of these emails. Following is the
from/subject/time pairings:
Microsoft/current internet critical upgrade/Fri 9/19/2003
1:27 PM
Microsoft Corporation Security Section/Current Microsoft
Patch/Fri 9/19/2003 3:00 PM
Microsoft Customer Support/New Network Patch/Sat 9/20/2003
12:31 AM
Public Bulletin Newest Internet Pack Sat 9/20/2003 4:30
AM

Here is an the header information:
X-Apparently-To: (e-mail address removed) via
web80107.mail.yahoo.com; 19 Sep 2003 11:27:31 -0700 (PDT)
X-YahooFilteredBulk: 63.231.195.115
Return-Path: <[email protected]>
Received: from vme-ext.prodigy.net (207.115.63.91)
by mta802.mail.yahoo.com with SMTP; 19 Sep 2003
11:27:23 -0700 (PDT)
X-Originating-IP: [63.231.195.115]
Received: from mpls-qmqp-04.inet.qwest.net (mpls-qmqp-
04.inet.qwest.net [63.231.195.115])
by vme-ext.prodigy.net (8.12.9/8.12.3) with SMTP
id h8JIQxME625552
for <[email protected]>; Fri, 19 Sep 2003
14:27:03 -0400
Date: Fri, 19 Sep 2003 14:26:59 -0400
Message-Id: <200309191827.h8JIQxME625552@vme-
ext.prodigy.net>
Received: (qmail 55561 invoked by uid 0); 19 Sep 2003
18:26:51 -0000
Received: from mpls-pop-12.inet.qwest.net (63.231.195.12)
by mpls-qmqp-04.inet.qwest.net with QMQP; 19 Sep 2003
18:26:51 -0000
Received: from 0-1pool157-
50.nas11.spokane1.wa.us.da.qwest.net (HELO oytmcvt)
(67.0.157.50)
by mpls-pop-12.inet.qwest.net with SMTP; 19 Sep 2003
18:26:01 -0000
From: "Microsoft" <[email protected]>
To: "Client" <[email protected]>
SUBJECT: current internet critical upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="rlspqqxeacdqjse"


X-Apparently-To: (e-mail address removed) via
web80107.mail.yahoo.com; 19 Sep 2003 13:00:10 -0700 (PDT)
X-YahooFilteredBulk: 204.127.202.56
Return-Path: <[email protected]>
Received: from vmd-ext.prodigy.net (207.115.63.89)
by mta803.mail.yahoo.com with SMTP; 19 Sep 2003
13:00:08 -0700 (PDT)
X-Originating-IP: [204.127.202.56]
Received: from sccrmhc12.comcast.net
(sccrmhc12.comcast.net [204.127.202.56])
by vmd-ext.prodigy.net (8.12.9/8.12.3) with ESMTP
id h8JK05DG148750
for <[email protected]>; Fri, 19 Sep 2003
16:00:07 -0400
Message-Id: <200309192000.h8JK05DG148750@vmd-
ext.prodigy.net>
Received: from sccrmhc12.comcast.net (localhost[127.0.0.1])
by comcast.net (sccrmhc12) with ESMTP
id <2003091919595601200o1tcne>; Fri, 19 Sep 2003
19:59:56 +0000
X-Comment: AT&T Maillennium special handling codes - xc
Date: Fri, 19 Sep 2003 19:52:37 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822
minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from zvqsemlm
(pcp04208595pcs.brick101.nj.comcast.net[68.36.199.162])
by comcast.net (sccrmhc12) with SMTP
id <2003091919523401200hj3k3e>; Fri, 19 Sep 2003
19:52:34 +0000
X-Comment: AT&T Maillennium special handling code - c
FROM: "Microsoft Corporation Security Section"
<[email protected]>
TO: "Commercial Partner" <[email protected]>
SUBJECT: Current Microsoft Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ulwevvoeznez"


X-Apparently-To: (e-mail address removed) via
web80108.mail.yahoo.com; 19 Sep 2003 22:30:47 -0700 (PDT)
X-YahooFilteredBulk: 209.226.175.4
Return-Path: <[email protected]>
Received: from vmn-ext.prodigy.net (207.115.63.24)
by mta813.mail.yahoo.com with SMTP; 19 Sep 2003
22:30:46 -0700 (PDT)
X-Originating-IP: [209.226.175.4]
Received: from tomts16-srv.bellnexxia.net
(tomts16.bellnexxia.net [209.226.175.4])
by vmn-ext.prodigy.net (8.12.9/8.12.3) with ESMTP
id h8K5UiLY117424
for <[email protected]>; Sat, 20 Sep 2003
01:30:44 -0400
Received: from uuifjwdi ([65.95.144.127]) by tomts16-
srv.bellnexxia.net
(InterMail vM.5.01.06.04 201-253-122-130-104-
20030726) with SMTP
id <20030920053035.CPEZ3710.tomts16-
srv.bellnexxia.net@uuifjwdi>;
Sat, 20 Sep 2003 01:30:35 -0400
FROM: "Microsoft Customer Support"
<[email protected]>
TO: "Commercial Client" <[email protected]>
SUBJECT: New Network Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ctvdlnzwwnyjd"
Message-Id: <20030920053035.CPEZ3710.tomts16-
srv.bellnexxia.net@uuifjwdi>
Date: Sat, 20 Sep 2003 01:30:42 -0400


X-Apparently-To: (e-mail address removed) via
web80106.mail.yahoo.com; 20 Sep 2003 02:30:09 -0700 (PDT)
X-YahooFilteredBulk: 213.46.243.24
Return-Path: <[email protected]>
Received: from vme-ext.prodigy.net (207.115.63.91)
by mta804.mail.yahoo.com with SMTP; 20 Sep 2003
02:30:08 -0700 (PDT)
X-Header-Overseas: Mail.from.Overseas.source.213.46.243.24
X-Originating-IP: [213.46.243.24]
Received: from amsfep13-int.chello.nl (amsfep13-
int.chello.nl [213.46.243.24])
by vme-ext.prodigy.net (8.12.9/8.12.3) with ESMTP
id h8K9TkME651590
for <[email protected]>; Sat, 20 Sep 2003
05:29:46 -0400
Received: from cjgrwomm ([80.111.101.209]) by amsfep13-
int.chello.nl
(InterMail vM.5.01.05.17 201-253-122-126-117-
20021021) with SMTP
id <20030920092905.EVVE20605.amsfep13-
int.chello.nl@cjgrwomm>;
Sat, 20 Sep 2003 11:29:05 +0200
FROM: "Public Bulletin" <>
TO: "Commercial Customer" <[email protected]>
SUBJECT: Newest Internet Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ckefqwuvloboriru"
Message-Id: <20030920092905.EVVE20605.amsfep13-
int.chello.nl@cjgrwomm>
Date: Sat, 20 Sep 2003 11:29:44 +0200

All four contain a different attachment.
Pack8826.zl9
patch.zl9
Patch875.zl9
Q388875.exe

All four have nearly an identical message body with only
changes being to how I am greeted (MS Client, MS Partner,
Microsoft Client, Microsoft Customer)
-----Original Message-----
i thought MS might like to see the e-mail virus i got
explaining how it is an update. i have posted the e-mail
below. i have no idea how to contact or e-mail MS about
this as they seem to spend a lot of money to ensure that
people cannot contact them :mad: i wasted 1/2 hour
already on the phone and interent trying to find info on
how to send them an e-mail to make them aware of this but
i am done trying, here you go MS as this is the only info
i can get to you :(.

BTW, this was sent from --> Program Security Section
[[email protected]] <--

<HTML>
<HEAD>
<style type='text/css'>.navtext{color:#ffffff;text-
decoration:none}
</style>
</HEAD>

<BODY BGCOLOR="White" TEXT="Black">
<BASEFONT SIZE="2" face="verdana,arial">
<TABLE WIDTH="600" HEIGHT="40" BGCOLOR="#1478EB">
<TR height="20">
<TD ALIGN="left" VALIGN="TOP" WIDTH="400"
ROWSPAN="2">
<FONT FACE="sans-serif" SIZE="5"><I><B>
<A class='navtext' HREF="http://www.microsoft.com/"
TITLE="Microsoft Home Site" target="_top">Microsoft</A>
</B></I></FONT>
</TD>

<TD ALIGN="right" VALIGN="MIDDLE" BGCOLOR="Black" NOWRAP>
<FONT color="#ffffff" size=1>
<A class='navtext'
href='http://www.microsoft.com/catalog/'
target="_top">All Products</A> |
<A class='navtext' href='http://support.microsoft.com/'
target="_top">Support</A> |
<A class='navtext' href='http://search.microsoft.com/'
target="_top">Search</A> |
<A class='navtext' href='http://www.microsoft.com/'
target=_top>
Microsoft.com Guide</A>
</FONT>
</TD>
</TR>

<TR>
<TD ALIGN="right" VALIGN="BOTTOM" NOWRAP>
<FONT FACE="Verdana, Arial" SIZE=1><B>
<A class='navtext' HREF='http://www.microsoft.com/'
TARGET=" top">
Microsoft Home</A> </B>
</FONT>
</TD>
</TR>
</TABLE>

<IMG SRC="cid:legfrlv" BORDER="0"><BR><BR>
<TABLE WIDTH="600"><TR><TD><FONT SIZE="2">
MS Client<BR><BR>
this is the latest version of security update, the
"July 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to help maintain the security of your computer
from these vulnerabilities, the most serious of which
could
allow an attacker to run code on your system.
This update includes the functionality of all previously
released patches.
</FONT></TD></TR>
</TABLE>

<BR><BR>
<TABLE BORDER="1" CELLSPACING="1" CELLPADDING="3"
WIDTH="600">
<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle" BORDER="0"> System requirements</B>
</FONT></TD>
<TD NOWRAP><FONT SIZE="1">Windows
95/98/Me/2000/NT/XP</FONT></TD>
</TR>

<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle" BORDER="0"> This update applies
to</B>
</FONT></TD><TD NOWRAP>
<FONT SIZE="1">
MS Internet Explorer, version 4.01 and later<BR>
MS Outlook, version 8.00 and later<BR>
MS Outlook Express, version 4.01 and later
</FONT>
</TD>
</TR>

<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle"
BORDER="0"> Recommendation</B></FONT></TD>
<TD NOWRAP><FONT SIZE="1">Customers should install the
patch at the earliest opportunity.</FONT></TD>
</TR>

<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle" BORDER="0"> How to
install</B></FONT></TD>
<TD NOWRAP><FONT SIZE="1">Run attached file. Choose Yes
on displayed dialog box.</FONT></TD>
</TR>

<TR VALIGN="TOP">
<TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:khlimel"
ALIGN="absmiddle" BORDER="0"> How to
use</B></FONT></TD>
<TD NOWRAP><FONT SIZE="1">You don't need to do anything
after installing this item.</FONT></TD>
</TR>
</TABLE>
<BR>

<TABLE WIDTH="600"><TR><TD><FONT SIZE="2">
Microsoft Product Support Services and Knowledge Base
articles
can be found on the <A
HREF="http://support.microsoft.com/"
TARGET="_top">Microsoft Technical Support</A> web site.
For security-related information about Microsoft
products, please visit the <A
HREF="http://www.microsoft.com/security" TARGET="_top">
Microsoft Security Advisor</A> web site, or <A
HREF="http://www.microsoft.com/contactus/contactus.asp"
TARGET="_top">Contact Us.</A>
<BR><BR>
Thank you for using Microsoft products.<BR><BR></FONT>
<FONT SIZE="1">Please do not reply to this message. It
was sent from an unmonitored e-mail address and we are
unable to respond to any replies.<BR></FONT>

<HR COLOR="Silver" SIZE="1" WIDTH="100%">
<FONT SIZE="1" COLOR="Gray">The names of the actual
companies and products mentioned herein are the
trademarks of their respective owners.</FONT>
</TD></TR></TABLE>

<BR>
<TABLE WIDTH="600" HEIGHT="45" BGCOLOR="#1478EB">
<TR VALIGN="TOP">
<TD WIDTH="5"></TD>
<TD>
<FONT COLOR="#FFFFFF" SIZE="1"><B>
<A class='navtext'
HREF="http://www.microsoft.com/contactus/contactus.asp"
TARGET="_top">Contact Us</A>
|
<A class='navtext' HREF="http://www.microsoft.com/legal/"
TARGET="_top">Legal</A>
|
<A class='navtext'
HREF="https://www.truste.org/validate/605" TARGET="_top"
TITLE="TRUSTe - Click to Verify">TRUSTe</A>
</FONT></B>
</TD>
</TR>

<TR VALIGN="MIDDLE">
<TD WIDTH="5"></TD>
<TD>
<FONT COLOR="#FFFFFF" SIZE="1">
©2003 Microsoft Corporation. All rights reserved.
<A STYLE="color:#FFFFFF;"
HREF="http://www.microsoft.com/info/cpyright.htm"
TARGET="_top">Terms of Use</A>
|
<A STYLE="color:#FFFFFF;"
HREF="http://www.microsoft.com/info/privacy.htm"
TARGET="_top">
Privacy Statement</A> |
<A STYLE="color:#FFFFFF;"
HREF="http://www.microsoft.com/enable/"
TARGET="_top">Accessibility</A>
</FONT>
</TD>
</TR>

</TABLE>
</BODY>
</HTML>

.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Spam images not being blocked 2
This HTML won't work!! 5
HTML SIG not showing picture in 2007 1
PP 2007 opening HTML problem 3
auto-generated email message not displaying properly 1
Stationary, not displaying linked background 1
OL2003 Filter on Header Entry (Not Exactly Working) 3
Form is shown as HTML in the designer. 0

Top