virus warning

Anne Kilmer viceroy at gate.net
Thu Mar 14 16:38:30 EST 2002


>  
> This one's weird.

I got this email from "Microsoft Internet Security Center". My son 
Kenton went to the web page and downloaded the patch, and it contains a 
worm.
The attachment that came with it contains a virus:  "The file 
q216309.exe intended for you was infected with the
W32/Gibe at MM virus." said one of the many resultant messages I got.
so don't install it, don't go to the page, it's a fraud and as evil as 
they come.
Somebody should tell Microsoft ...
Anne Kilmer

Do not follow the following instructions.
Microsoft Customer,

      this is the latest version of security update, the
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install now to
protect your computer from these vulnerabilities, the most serious of which
could allow an attacker to run code on your computer.


Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" 
vulnerability.
If a malicious user sends an affected HTML e-mail or hosts an affected
e-mail on a Web site, and a user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the executable on the user's computer.

- A vulnerability that could allow an unauthorized user to learn the 
location
of cached content on your computer. This could enable the unauthorized
user to launch compiled HTML Help (.chm) files that contain shortcuts to
executables, thereby enabling the unauthorized user to run the executables
on your computer.

- A new variant of the "Frame Domain Verification" vulnerability could 
enable a
malicious Web site operator to open two browser windows, one in the Web 
site's
domain and the other on your local file system, and to pass information 
from
your computer to the Web site.

- CLSID extension vulnerability. Attachments which end with a CLSID file 
extension
do not show the actual full extension of the file when saved and viewed 
with
Windows Explorer. This allows dangerous file types to look as though 
they are simple,
harmless files - such as JPG or WAV files - that do not need to be blocked.


System requirements:
Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01

How to install
Run attached file q216309.exe

How to use
You don't need to do anything after installing this item.


For more information about these issues, read Microsoft Security 
Bulletin MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downloads/critical/default.asp
If you have some questions about this article contact us at 
rdquest12 at microsoft.com

Thank you for using Microsoft products.

With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft Corporation.



 
 ------------------------------------------------------------ 

   For subscription and related information about LEPS-L visit:

   http://www.peabody.yale.edu/other/lepsl 
 


More information about the Leps-l mailing list