Strange Emails


Scott

All of a sudden I am getting a multitude of emails
from "MS Corporation Public Support" to "MS Corporation
Client" under the subject of "Current Security Upgrade".
I am also getting many from "Microsoft Net Message Storage
System" to "Inet User". What in the world is going on
here? All I have done recently is update the XP machine
with the critical updates.
 
Scott said:
All of a sudden I am getting a multitude of emails
from "MS Corporation Public Support"


Nope. You're getting them from someone who wants to inflict a
virus on you.

This is just the latest widespread virus attack.
 
Hi Scott,

It's the Swen worm propagating itself - just delete them. Microsoft does not
send out security patches in this manner.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x

Associate Expert - WinXP - Expert Zone
 
Greetings --

What you received is either a very common malicious hoax or the
output of a computer infected by one of several wide-spread, mass
emailing worms. The most widely-known are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Microsoft never has, does not currently, and never will email
unsolicited security patches. At the most, if, and only if, you
subscribe to their security notification newsletter, they will send
you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.

There's probably no way of blocking all of the bogus messages, but
you can greatly reduce the number you get by creating a rule, based
upon the most commonly used subject lines, to delete the emails from
the server without ever downloading them.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
How long will these keep coming? I delete them right
away. Also, I have the latest .dat file from McAfee and
run Zone Alarm, current upgrade too. How can this get
through? Thanks for the information.

How long? Seems like it will be forever! The recent worms, Swen especially,
are extra aggressive and the amount of mail they send is HUGE. Eventually,
as folks with infected machines repair their systems, these things (mass
mailing by worms) die out. It just takes time.
 
My sympathies - last weekend I had more than 540 e-mails
(about 70% with attached viruses) in 37 hours. First time in
15 years!!
1) You should IMMEDIATELY mask (Munge) your e-mail
address:
http://www.mailmsg.com/SPAM_munging.htm!!
See my address (below bottom)!
Do it NOW!
Do the same in your e-mail client software!
Spammers use 'bots' to trawl the internet, looking for real
e-mail addresses to Spam!
2) Ask your ISP about changing your e-mail address. That's
what I did!
--
Hope this helps!

Pat Garard
Australia.
apgarardATbigpondDOTnetDOTau
 
There's probably no way of blocking all of the bogus messages, but
you can greatly reduce the number you get by creating a rule, based
upon the most commonly used subject lines, to delete the emails from
the server without ever downloading them.


Great advice Bruce. I've based my OE rule on the content because of
the random element of the subject line. If I receive an email from
someone who is not in my Address Book and the words below are included
in the body of the message, the message is moved to my 'Suspected
Spam' folder -

Undelivered
Undeliverable
September 2003, Cumulative Patch

So far this has filtered all of those pesky trojan emails (almost 500
so far).

I've been looking at the full header for these messages. I'm trying
to discover if someone I know is infected with the SWEN worm. If I
look at the first Received By|From line in the header, will it give me
the name of the person's computer it was sent from? I can see that a
real email gives the proper computer name of one of my close friends.

I'm going to try and send a mail to my Address Book list, listing the
names of the infected machines, if this is reliable?

TIA,

Colin
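
The rule described in the post above (sender not in the address book and one of the listed phrases in the body), together with a listing of a message's Received hops oldest first, as an added example that is not part of the original thread. The sample message, host names, IP addresses and the address book contents are constructed placeholders.

```python
import email
from email.utils import parseaddr

# Phrases from the rule in the post above, matched case-insensitively.
PHRASES = ("undelivered", "undeliverable", "september 2003, cumulative patch")

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """\
Received: from mx.example.net ([192.0.2.10])
    by mail.example.org; Sat, 20 Sep 2003 10:00:02 +0000
Received: from HOME-PC ([198.51.100.7])
    by mx.example.net; Sat, 20 Sep 2003 10:00:00 +0000
From: "MS Corporation Public Support" <support@example.com>
To: "MS Corporation Client" <client@example.org>
Subject: Current Security Upgrade

Please install the attached September 2003, Cumulative Patch.
"""

def body_text(msg):
    """Concatenate the decoded text parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "latin-1", "replace"))
    return "\n".join(chunks)

def is_suspect(raw_message, address_book):
    """True when the sender is unknown AND the body contains a listed phrase.
    address_book is a set of lower-case addresses (an assumption of this example)."""
    msg = email.message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in address_book:
        return False
    body = body_text(msg).lower()
    return any(phrase in body for phrase in PHRASES)

def received_hops(raw_message):
    """Received headers with folding removed, oldest hop first.
    Each relay prepends its own line, so the last header is the first hop."""
    msg = email.message_from_string(raw_message)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    return hops[::-1]

if __name__ == "__main__":
    print("suspect:", is_suspect(SAMPLE, {"friend@example.org"}))
    for hop in received_hops(SAMPLE):
        print(hop)
```

In a Received line the name after "from" is whatever the sending machine announced, while the bracketed IP address is recorded by the receiving server, so only lines added by servers you trust can be relied on.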
 
Pat Garard said:
My sympathies - last weekend I had more than 540 e-mails
(about 70% with attached viruses) in 37 hours. First time in
15 years!!
1) You should IMMEDIATELY mask (Munge) your e-mail
address:
http://www.mailmsg.com/SPAM_munging.htm!!
See my address (below bottom)!
Do it NOW!
Do the same in your e-mail client software!
Spammers use 'bots' to trawl the internet, looking for real
e-mail addresses to Spam!
2) Ask your ISP about changing your e-mail address. That's
what I did!
--
Hope this helps!

Pat Garard
Australia.
apgarardATbigpondDOTnetDOTau
Modified email addresses in any form are a bad idea; make them fake. The
original perpetrators have access to directory services and a
cross-comparison will net them a true address. It may not be *yours*, but
someone is going to get hit hard--again. Instead, request that all replies
be made to the newsgroup.

Malv
 