Trash this on sight!
Straight_Man
Geeky, in my own wayNaples, FL Icrontian
There is no such thing as a May update yet. This is NOT from Microsoft. Microsoft does NOT email security patches. I cut and pasted text and the viral analysis of the "update" attachment-- this was an HTML email that spoofed Microsoft's emails fairly well, except that Microsoft does NOT email updates. If you get things that purport to be Microsoft updates FROM Microfsoft in email, they need to be junked on sight.
email text as received here wrote:
From: nikolay@rudakov.omsk.su
Part name: Installer.exe
Part MIME-type: application/x-msdownload
Part charset:
Part status: DETECTED
Part action: remove
Detected virus(es) in object:
I-Worm.Swen
Subject:
Net Security Pack
From:
"Microsoft Corporation Network Security Division" <cdgsath_kbqbqkr@updates.net>
To:
" " <partner@updates.net>
Microsoft All Products | Support | Search | Microsoft.com Guide
Microsoft Home
Microsoft Partner
this is the latest version of security update, the "May 2004, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches.
System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.
Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.
Thank you for using Microsoft products.
Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
Contact Us | Legal | TRUSTe
©2004 Microsoft Corporation. All rights reserved.
0
Comments
Yes, most email woms like this have attachments that are something you must click on to get infected-- ones thta use grpahics, with OE set to autoview tham, can run when a virus-laden attachment pretending to be a graphic is viewed, but Swen does not use that kind of attachment. Very few are such that you get infected on opening email or viewing it. One way to look at email safely is to set your email to show plain text by default, and only look at HTML that you know is safe in HTML mode. This will get you not able to look at things (or have bad things run) that say they are pictures except that they will show as junk.
Antispam that is on local boxes typically cannot kill\prevent this virus, because most folks want some emails from Microsoft. Viruses purporting to be Microsoft security updates sent by Microsoft in email have been around for a couple years.
I think, in my limited spare time, I need to start a "rough recognize of emails not to click on by textual header analysis" thread. It works about 90% of time here, with certain rules followed. The other tenth of the times, I learn about another new one that has hit in my region of the world.
In my case, this email came in intact and was caught locally by AV on a Linux box. I deliberately have an AV that knows Windws and Linux viruses on this box so I do not forward things without knowing what is up and how to forward parts that need to be in order to avoid baing hit-- in this case, struck plain text up without attachment. Swen family can use different attachment names, so even name of attachment was not a recognition thing. Text content in email IS a good recognizer, though, for this particular virus.
John D.