Virus with Microsoft update

[Mark]

Hi
I just got sent 8 email from Microsoft update sending
latest patch, all had the worm.automat.AHB intercepted by
norton av.the emails seem to be genuine as they all point
to MS sites etc I have looked all around the code
searching for spoofing info but there doesnt seem to be
any.
What could this be

Mark

 

[Ramesh]

Hi Mark,

Microsoft *NEVER* distributes software via email. The mail which you
received is not from Microsoft, though the return address says so.

Please go through: Microsoft Policies on Software Distribution:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/policy/swdist.asp

NOTE: If you receive an e-mail that claims to contain software from
Microsoft, do not run the attachment. The safest course of action is to
delete the mail altogether. If you would like to take additional action,
report the e-mail to the sender's Internet Service Provider. Most ISPs
provide an "abuse" userid for this purpose.

--
Regards,
Ramesh
AOL: SRamesh2k

«·´`·.(*·.¸(`·.¸ ¸.·´)¸.·*).·´`·»
«.............. Ramesh ...............»
«·´`·.(¸.·´(¸.·* *·.¸)`·.¸).·´`·»

~ Please reply to newsgroup ~


Hi
I just got sent 8 email from Microsoft update sending
latest patch, all had the worm.automat.AHB intercepted by
norton av.the emails seem to be genuine as they all point
to MS sites etc I have looked all around the code
searching for spoofing info but there doesnt seem to be
any.
What could this be

Mark

 

[mike]

I have a prob that keeps coming up on my screen telling

me that ...memory access violation in modulation
kernel32....

I must say that I have also installed updates from
microsoft emails ...which now I understand are not
microsoft....... can I reinstall xp home over the old one
and get rid of what is playing up

thanks .
MIkE

 

[Lorne Smith]

You could, but you'd be better off running a virus scan as you are most
definatly infected now. A repair installation will not get rid of the
virus, you'd need to do a complete reformat and fresh install. And any
files you backup would probably be infected... Go to www.symantec.com for
help...

Lorne

 

[Dan]

-----Original Message-----
Hi
I just got sent 8 email from Microsoft update sending
latest patch, all had the worm.automat.AHB intercepted by
norton av.the emails seem to be genuine as they all point
to MS sites etc I have looked all around the code
searching for spoofing info but there doesnt seem to be
any.
What could this be

Mark
.
Mark,

Microsoft does not send out e-mails with any updates in
them of any kind the are only put into Microsoft Windows
Update you have to search in there for any you might need,
or have your computer set to receive Update Alerts that
pretain to your computer.

 

[Crispy]

These emails are getting ridiculous. Fortunately my AV and McAfee Spamkiller
stop them all - But is anyone doing anything about it?

 

[Yoder]

What people are doing about it:

Using antivirus
Disallowing attachments
Never posting true email addresses on Web
Changing email address

No, Interpol is not making this a priority, ditto for the
FBI, CIA, etc.

 

[Larry Samuels MS-MVP XP \(Shell/User\)]

Microsoft never sends unsolicited files by email.
DO NOT open the file--it is NOT from MS.
REPEAT:Microsoft NEVER sends unsolicited files by email.

It is a virus masquerading as MS security.
The most recent is W32/Swen@MM which can be removed with Stinger
http://vil.nai.com/vil/stinger/

The others circulating are dumaru.b
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
or a variant of the gibe worm.
Removal tool for gibe is at
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

PSS Security Response Team Alert - New E-Mail Worm: W32/Swen@MM

SEVERITY: MODERATE
DATE: September 18, 2003
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail

**********************************************************************

WHAT IS IT?
W32/Swen@MM spreads via e-mail and network shares. The Microsoft
Product Support Services Security Team is issuing this alert to advise
customers to be on the alert for this virus as it spreads in the wild.
Customers are advised to review the information and take the appropriate
action for their environments.

IMPACT OF ATTACK: Mass Mailing, disabling processes related to security
software such as antivirus and firewall software

TECHNICAL DETAILS:
For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit the following links:

Network Associates:

http://vil.nai.com/vil/content/v_100662.htm

Trend Micro:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWE
N.A

Symantec

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
ml

Computer Associates:

http://www3.ca.com/virusinfo/virus.aspx?ID=36939

For more information on Microsoft's Virus Information Alliance please
visit this link: http://www.microsoft.com/technet/security/virus/via.asp


Please contact your Antivirus Vendor for additional details on this
virus.


PREVENTION:

1. This worm is exploiting a previously patched vulnerability. The
vulnerability exploited is related to the following Microsoft Security
Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp

As always, customers are advised to install the latest security patch
for Internet Explorer. Information on the latest cumulative security
patch for
Internet Explorer can be found here:
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

2. Outlook 2000 post SP2 and Outlook XP SP1 include the most recent
updates to improve the security in Outlook and other Office programs.
This includes the functionality to block potentially harmful attachment
types. If you are running either of these versions, they will (by
default) block the attachment, and you will be unable to open it.

To ensure you are using the latest version of Office click here:
http://office.microsoft.com/ProductUpdates/default.aspx

By default, Outlook 2000 pre SR1 and Outlook 98 did not include this
functionality, but it can be obtained by installing the Outlook E-mail
Security Update. More information about the Outlook E-mail Security
Update can be found here:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

Outlook Express 6 can be configured to block access to
potentially-damaging attachments. Information about how to configure
this can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291387

Outlook Express all other versions: Previous versions of Outlook Express
do not contain attachment-blocking functionality. Please exercise
extreme caution when opening unsolicited e-mail messages with
attachments.

Web-based e-mail programs: Use of a program-level firewall can protect
you from being infected with this virus through Web-based e-mail
programs.

RECOVERY:
If your computer has been infected with this virus, please contact your
preferred antivirus vendor or Microsoft Product Support Services for
assistance with removing it.

TECHNET SECURITY LINK:
http://www.microsoft.com/technet/security/virus/alerts/swen.asp

As always please make sure to use the latest Anti-Virus detection from
your Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your
Microsoft representative or 1-866-727-2338 (1-866-PCSafety) within the
US, outside of the US please contact your local Microsoft Subsidiary.
Support for virus related issues can also be obtained from the Microsoft
Virus Support Newsgroup which can be located by clicking on the
following link
news://msnews.microsoft.com/microsoft.public.security.virus.

PSS Security Response Team

--
Larry Samuels MS-MVP (Windows-Shell/User)
Associate Expert
Unofficial FAQ for Windows Server 2003 at
http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
Expert Zone -