M / S Email Notification


Rick Webb

Hi,
I received this notification today via email (Outlook Express). I did not
realize that Microsoft sent out patches through the email system. When I
installed the patch, I kept getting a dialogue box (imap) that wanted me to
input my name, email address, password, server name, everything. It was
popping up, no matter what screen I was in or window was open. Is this a
legit email, and should I type in that Info in the box? I was sceptical
about this, so I used Sys Restore and took the patch off for now.
Any ideas on the legitimacy of this, and should I fill in the requested
details?

Thanks
Rick
----- Original Message -----
From: MS Corporation Technical Services
To: Customer
Sent: Thursday, September 18, 2003 2:13 PM
Subject: New Internet Critical Pack


Microsoft All Products | Support | Search | Microsoft.com
Guide
Microsoft Home


Microsoft Customer

this is the latest version of security update, the "September 2003,
Cumulative Patch" update which fixes all known security vulnerabilities
affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as
three newly discovered vulnerabilities. Install now to protect your computer
from these vulnerabilities, the most serious of which could allow an
attacker to run code on your computer. This update includes the
functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest
opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be
found on the Microsoft Technical Support web site. For security-related
information about Microsoft products, please visit the Microsoft Security
Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are
the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of Use |
Privacy Statement | Accessibility
 
PSS Security Response Team Alert - New E-Mail Worm: W32/Swen@MM

SEVERITY: MODERATE
DATE: September 18, 2003
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail

**********************************************************************

WHAT IS IT?
W32/Swen@MM spreads via e-mail and network shares. The Microsoft
Product Support Services Security Team is issuing this alert to advise
customers to be on the alert for this virus as it spreads in the wild.
Customers are advised to review the information and take the appropriate
action for their environments.

IMPACT OF ATTACK: Mass Mailing, disabling processes related to security
software such as antivirus and firewall software

TECHNICAL DETAILS:
For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit the following links:

Network Associates:

http://vil.nai.com/vil/content/v_100662.htm

Trend Micro:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A

Symantec

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
ml

Computer Associates:

http://www3.ca.com/virusinfo/virus.aspx?ID=36939

For more information on Microsoft's Virus Information Alliance please
visit this link: http://www.microsoft.com/technet/security/virus/via.asp


Please contact your Antivirus Vendor for additional details on this
virus.


PREVENTION:

1. This worm is exploiting a previously patched vulnerability. The
vulnerability exploited is related to the following Microsoft Security
Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp

As always, customers are advised to install the latest security patch
for Internet Explorer. Information on the latest cumulative security
patch for
Internet Explorer can be found here:
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

2. Outlook 2000 post SP2 and Outlook XP SP1 include the most recent
updates to improve the security in Outlook and other Office programs.
This includes the functionality to block potentially harmful attachment
types. If you are running either of these versions, they will (by
default) block the attachment, and you will be unable to open it.

To ensure you are using the latest version of Office click here:
http://office.microsoft.com/ProductUpdates/default.aspx

By default, Outlook 2000 pre SR1 and Outlook 98 did not include this
functionality, but it can be obtained by installing the Outlook E-mail
Security Update. More information about the Outlook E-mail Security
Update can be found here:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

Outlook Express 6 can be configured to block access to
potentially-damaging attachments. Information about how to configure
this can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291387

Outlook Express all other versions: Previous versions of Outlook Express
do not contain attachment-blocking functionality. Please exercise
extreme caution when opening unsolicited e-mail messages with
attachments.

Web-based e-mail programs: Use of a program-level firewall can protect
you from being infected with this virus through Web-based e-mail
programs.

RECOVERY:
If your computer has been infected with this virus, please contact your
preferred antivirus vendor or Microsoft Product Support Services for
assistance with removing it.

TECHNET SECURITY LINK:
http://www.microsoft.com/technet/security/virus/alerts/swen.asp

As always please make sure to use the latest Anti-Virus detection from
your Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your
Microsoft representative or 1-866-727-2338 (1-866-PCSafety) within the
US, outside of the US please contact your local Microsoft Subsidiary.
Support for virus related issues can also be obtained from the Microsoft
Virus Support Newsgroup which can be located by clicking on the
following link
news://msnews.microsoft.com/microsoft.public.security.virus.

PSS Security Response Team

--
Larry Samuels MS-MVP (Windows-Shell/User)
Associate Expert
Unofficial FAQ for Windows Server 2003 at
http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
Expert Zone -
 
Hello - I just posted an exact duplicate of your notification to the
Internet Explorer newsgroup before I read your message. Fortunately, I did
not open the attachment. I think I'll delete the one I received for sure.
I'll be watching for your progress. Good luck.
Bob
 
Bob said:
Hello - I just posted an exact duplicate of your notification to the
Internet Explorer newsgroup before I read your message. Fortunately,
I did not open the attachment. I think I'll delete the one I received
for sure. I'll be watching for your progress. Good luck.
Bob

Don't just delete the phony Microsoft messages. Interspersed among the
phony emails are a few phony "can't deliver" messages, which also contain
the virus. While Norton caught the virus when attached to the phony
Microsoft emails, it FAILED to detect it in the phony "can't deliver"
messages.
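
An added example, not part of any post in this thread: the alert's attachment-blocking advice and the warning above about phony "can't deliver" messages, sketched as a filter that decides on attachment type alone and also looks inside embedded messages. The extension list, the addresses and the `patch.exe` filename are constructed for illustration; the thread does not give the worm's real attachment name.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative subset of executable file types (an assumption for this example,
# not Outlook's actual blocked-attachment list).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def risky_attachments(raw: bytes) -> list:
    """Names of executable-type attachments at any nesting depth."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = []
    # walk() also descends into message/rfc822 parts, so a copy carried
    # inside a forwarded or "returned" message is still seen.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().strip().endswith(RISKY_EXT):
            names.append(name)
    return names

def verdict(raw: bytes) -> str:
    # Sender and subject are attacker-controlled, so they play no part here.
    return "quarantine" if risky_attachments(raw) else "deliver"

def _message(sender, subject, body):
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    return m

def sample_update():      # constructed stand-in for the phony "patch" mail
    m = _message("MS Corporation Technical Services <noreply@example.invalid>",
                 "New Internet Critical Pack", "Run attached file.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="patch.exe")
    return m

def sample_bounce():      # constructed stand-in for the phony bounce
    m = _message("Mail Delivery <postmaster@example.invalid>",
                 "Undeliverable message", "Message follows:")
    m.add_attachment(sample_update())   # embedded as message/rfc822
    return m

def sample_benign():      # constructed harmless message for contrast
    m = _message("Rick <rick@example.invalid>", "notes", "See attached.")
    m.add_attachment("plain text", filename="notes.txt")
    return m
```

Both the "update" and the "bounce" are quarantined for the same reason, which is why a filter keyed on the claimed sender or subject line would miss one of them.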
 
Hello again - I read the message from Larry Samuels and ran the McAfee virus
program called "stinger" which seemed to eliminate the inundating MS
messages. The latest message on my inbox is a box with My Documents listed
and a file listed for saving called "Norton Delete". When I close this box
the message with a paper clip says:

"I'm sorry I wasn't able to deliver your message to one or more
destinations."

Undeliverable message to (bold letters) (e-mail address removed)

Message follows:

I didn't bother to open this attachment unless the box that popped up was
the message with Norton Delete on it.

Norton scan indicated the virus your group called W32/Swen@MM
was actually called "worm.Automat.AHB" when they stopped it from entering my
mail system. Unless I have another virus.
I am confused but eager to learn more. Thanks for your help. - Bob
 
Bob said:
Hello again - I read the message from Larry Samuels and ran the
McAfee virus program called "stinger" which seemed to eliminate the
inundating MS messages. The latest message on my inbox is a box with
My Documents listed and a file listed for saving called "Norton
Delete". When I close this box the message with a paper clip says:

"I'm sorry I wasn't able to deliver your message to one or more
destinations."

Undeliverable message to (bold letters) (e-mail address removed)

Message follows:

I didn't bother to open this attachment unless the box that popped up
was the message with Norton Delete on it.

Norton scan indicated the virus your group called W32/Swen@MM
was actually called "worm.Automat.AHB" when they stopped it from
entering my mail system. Unless I have another virus.
I am confused but eager to learn more. Thanks for your help. - Bob

Don't open ANY attachments, no matter WHO they come from, until the
danger is past, ESPECIALLY attachments to e-mail purporting to be from an
Antivirus company.
 
Hello again - My earlier post about removal of the W32/Swen virus was
premature. It's back with a vengeance. I have a Dell P4 with XP Home with
IE6 and SP-1. Each AM I run Spybot & Adaware after updating. I also run NAV
full scan after that. After reading this newsgroup dated Sept. 19, 2003, I
tried Stinger removal tool to delete the W32/Swen@MM virus from OE with no
luck. (I disabled System Restore as recommended first.) Then I tried the
Symantec removal tool from the same post and Norton reported no Swen virus
on my system. I checked Symantec for the dumurac.b virus and read that this
removal tool was part of my present Antivirus program which gave my system a
clean bill of health. MS support has no new updates beyond the last Blaster
virus a few weeks ago. I would appreciate any help to rid myself of this bug
in my OE program. I've had as many as 19 duplicate e-mail warnings about MS
updates. I've never opened any of the attachments and deleted all of them
from my OE deleted files but new ones continue to appear. These messages
started appearing on Sept. 18, 2003. Each time a message comes in, Symantec
blocks the message and says it has deleted the message. After I close
Symantec, a window pops up saying:

I'm sorry I wasn't able to deliver your message to one or more destinations.

Undeliverable message to (e-mail address removed)

Pretty soon an Outlook Express window pops up saying:

Your server has disconnected your e-mail service due to error no. ox800cccof
X Task - Check for new messages on bob.dobs failed
X Task - Check for new messages on pop.netz failed

No more mail is delivered after this.
I hope someone can advise me on a method of removing this thing.
Thanks for trying - Bob Dobson
 