NEW MS Virus Post


Heather

Just found this in Mailwasher on my old dialup account which has not
been used for a year. Quite different from the usual one. But
Mailwasher tagged it as a possible virus, which it is. I am including
all the info, but only two lines of source code.

I haven't seen this one in Yahoo, Hotmail or my cable
account......anyone else get it???

Hang them up by their 'tender parts' and flog them
unmercifully.....grin!! Damn script kiddies!!!!

Figgs

Return-Path: <0_13991_3C19DF02-F43D-12783-9A99-25977857B26E_RU@Newsletters.Microsoft.com>
Received: from ool-44c6ff66.dyn.optonline.net ([68.198.255.102])
 by berlinr.sprint.ca
 (InterMail vM.5.01.02.00 201-253-122-103-101-20001108) with SMTP
 id <20031020093403.DQXU18383.berlinr.sprint.ca@ool-44c6ff66.dyn.optonline.net>
 for <[email protected]>; Mon, 20 Oct 2003 05:34:03 -0400
Message-ID: <[email protected]>
Date: Mon, 20 Oct 2003 03:44:29 -0700
From: "Microsoft" <0_13991_3C19DF02-F43D-12783-9A99-25977857B26E_RU@Newsletters.Microsoft.com>
Subject: Microsoft Security Update
To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------21B313B4256A6A"

------------21B313B4256A6A
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

THE MICROSOFT SECURITY UPDATE NEWSLETTER

October 18, 2003

The Microsoft Security Update Newsletter for home users
and small businesses provides information on security-related
updates to Microsoft(R) products, as well as virus alerts
and resources for more information on security issues.
__________________________________________________

SECURITY BULLETIN

Please review Microsoft Security Bulletin MS03-047: Security Update
for Microsoft Windows(R)

WHY WE ARE ISSUING THIS UPDATE
A security issue has been identified that could allow an attacker
to remotely compromise a computer running Microsoft Windows and gain
complete control over it. You can help protect your computer
by installing this update from Microsoft.

PRODUCTS AFFECTED
Windows 98
Windows ME
Windows NT(R) 4.0
Windows 2000
Windows XP
Windows Server(TM) 2003
__________________________________________________
THIS DOCUMENT AND OTHER DOCUMENTS PROVIDED PURSUANT TO THIS PROGRAM ARE
FOR INFORMATIONAL PURPOSES
ONLY. The information type should not be interpreted to be a commitment
on the part of Microsoft and
Microsoft cannot guarantee the accuracy of any information presented
after the date of publication.
INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED 'AS IS' WITHOUT
WARRANTY OF ANY KIND. The user
assumes the entire risk as to the accuracy and the use of this document.
microsoft.com newsletter e-mail may be copied and distributed subject to
the following conditions:

1. All text must be copied without modification and all pages must be
included

2. All copies must contain Microsoft's copyright notice and any other
notices provided therein

3. This document may not be distributed for profit
------------21B313B4256A6A
Content-Type: application/x-msdownload; name="MS03-047.zl9"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="MS03-047.zl9"

UEsDBBQAAgAIABmCUy+rtoYM7jEAACA6AAAMAAAATVMwMy0wNDcuZXhl7btpVFNZtC6605EW
EiD0
CEFAULrQg4KGHpQm0iOgIAECBIghoRGQYIImQiCiNPZaqGWDikqPaGikUbSwtJRWUClFg4hK
AQqS
 
On that special day, Heather, ([email protected]) said...
3. This document may not be distributed for profit
------------21B313B4256A6A
Content-Type: application/x-msdownload; name="MS03-047.zl9"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="MS03-047.zl9"

UEsDBBQAAgAIABmCUy+rtoYM7jEAACA6AAAMAAAATVMwMy0wNDcuZXhl7btpVFNZtC6605EW
EiD0
CEFAULrQg4KGHpQm0iOgIAECBIghoRGQYIImQiCiNPZaqGWDikqPaGikUbSwtJRWUClFg4hK
AQqS

Hmm, I can't tell much about it, except that it must be something
zipped; as the two code lines decode the Base64 to PK-something, which
is typical for a zip file.

I am not sure whether this is a worm (which then would have to be
extracted manually by the recipient), if this is *caused* by a worm that
fetches documents from the infected machine to make the mail look more
innocent, or if someone mis-sent a document.

You can copy this piece of code to the hard disk without much risk, as
long as you don't extract AND execute it. But at present, I can't tell
what this is about.


Gabriele Neukam

(e-mail address removed)
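
The "PK-something" observation in the reply above can be taken one step further. As an added example that is not part of the original thread, this Python sketch decodes the first base64 line quoted in the post and reads the ZIP local file header it contains, which names the archive member. The function names are assumptions made for illustration.

```python
import base64
import struct

# First base64 line of the attachment as quoted in the post (the rest is not on the page).
POSTED_LINE = "UEsDBBQAAgAIABmCUy+rtoYM7jEAACA6AAAMAAAATVMwMy0wNDcuZXhl7btpVFNZtC6605EW"

# ZIP local file header: 30 fixed bytes, little-endian, followed by the file name.
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")
METHODS = {0: "stored", 8: "deflate"}
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")


def parse_local_header(b64_text):
    """Decode a base64 fragment and parse the first ZIP local file header in it."""
    raw = base64.b64decode(b64_text)
    if len(raw) < LOCAL_HEADER.size:
        raise ValueError("fragment shorter than a ZIP local file header")
    (sig, _version, _flags, method, dos_time, dos_date,
     _crc32, comp_size, uncomp_size, name_len, _extra_len) = LOCAL_HEADER.unpack_from(raw)
    if sig != b"PK\x03\x04":
        raise ValueError("not a ZIP local file header")
    name = raw[LOCAL_HEADER.size:LOCAL_HEADER.size + name_len]
    if len(name) < name_len:
        raise ValueError("file name is cut off in this fragment")
    return {
        "name": name.decode("cp437"),
        "method": METHODS.get(method, str(method)),
        "compressed_size": comp_size,
        "uncompressed_size": uncomp_size,
        # MS-DOS date/time fields: 7-bit year since 1980, 2-second resolution.
        "modified": "%04d-%02d-%02d %02d:%02d:%02d" % (
            (dos_date >> 9) + 1980, (dos_date >> 5) & 0xF, dos_date & 0x1F,
            dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2),
    }


def is_disguised_executable(attachment_name, inner_name):
    """True when the archive member is executable but the attachment name hides it."""
    inner_risky = inner_name.lower().endswith(RISKY_EXTENSIONS)
    outer_honest = attachment_name.lower().endswith(RISKY_EXTENSIONS + (".zip",))
    return inner_risky and not outer_honest


if __name__ == "__main__":
    info = parse_local_header(POSTED_LINE)
    print(info)
    print("disguised:", is_disguised_executable("MS03-047.zl9", info["name"]))
```

Only header fields are read; nothing is extracted or executed, which matches the reply's point that the risk lies in extracting and running the member.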
 