virus warning

John Shuey jshuey at TNC.ORG
Thu Mar 14 17:12:42 EST 2002

Following up on what Ann wrote - here's what our help desk just sent to TNC


We have received numerous reports concerning an email message with the
subject "Internet Security Update". Typically, it purports to have been sent
from someone who knows you. Even though this email message looks like a
legitimate security memo from the Microsoft Corporation Security Center, it
is fraudulent and it includes a virus attachment called Q216309.exe. If you
receive it, simply delete the email message.

Thank you for your cooperation!


W32.Gibe at mm.html


CHARACTERISTICS: This worm is spread via Microsoft Outlook. It sends itself
to all the addresses found in the Outlook address book. It installs a
backdoor Trojan program and makes modifications to the Windows operating


HOW TO AVOID: Do not open the email attachments called Q216309.exe. The
virus arrives with the subject line entitled, "Internet Security Update"
appearing to come from the Microsoft Corporation Security Center. Please
make sure that your antivirus definitions are current.

INDICATIONS OF INFECTION: When the Q216309.exe file is executed, it will
create the three files (Q216309.exe, Vtnmsccd.dll, Bctool.exe) in the
c:\windows folder. It will also send the same message to all the entries
found in the Outlook address book.

Protecting Yourself from Computer Viruses


1. Never open an email file attachment sent from an unknown address. Simply
delete the message.

2. Always use Norton AntiVirus to scan files downloaded from the Internet,
avoid downloading from the Internet if possible.

3. When someone hands you a floppy disk, always scan the disk with Norton
AntiVirus before accessing any files from it.

4. When Word or Excel opens a document with a warning, select "Disable

Macros," unless you are certain that the document is designed with harmless


> -----Original Message-----
> From: owner-leps-l at [mailto:owner-leps-l at]On
> Behalf Of Anne Kilmer
> Sent: Thursday, March 14, 2002 4:39 PM
> To: Lana Edwards
> Cc: Pat Suiter; A Edwards; Ava Sue Hickerson; Barbara Kuebler; Barbara
> Liberman; Barbara Walsh; Bill Vasilik; Bob Beard; Carrie White; Colleen
> & Jim Wiggins; Cynthia Plockelman; Dale Ruth; David West; Debbie Dixon;
> Donna Leone; Doris & Bill Happel; Fred L. Brockman; Hal Wiedemann; Ira
> blei; Jan Everett; Judi W. Ake; Kathy Malone; Ken Rice; Kerri Smith;
> Kristen Murtaugh; Lenore Dupee; Linda & Buck Cooper; Lucy Ufferman;
> Marian Bailey; Marilyn Brook; Marthanne Mitchell; Mary Shields; Norma
> Hay; Patsy Turney; Penni & Matthew Redford; Rich W. Crook & Family; Rita
> Peters; Robert Kelley; Rosa Miller; Suzanne Bird; Teri Jabour; Leps
> List; banter
> Subject: Re: virus warning
> >
> > This one's weird.
> I got this email from "Microsoft Internet Security Center". My son
> Kenton went to the web page and downloaded the patch, and it contains a
> worm.
> The attachment that came with it contains a virus:  "The file
> q216309.exe intended for you was infected with the
> W32/Gibe at MM virus." said one of the many resultant messages I got.
> so don't install it, don't go to the page, it's a fraud and as evil as
> they come.
> Somebody should tell Microsoft ...
> Anne Kilmer
> Do not follow the following instructions.
> Microsoft Customer,
>       this is the latest version of security update, the
> known security vulnerabilities affecting Internet Explorer and
> MS Outlook/Express as well as six new vulnerabilities, and is
> discussed in Microsoft Security Bulletin MS02-005. Install now to
> protect your computer from these vulnerabilities, the most
> serious of which
> could allow an attacker to run code on your computer.
> Description of several well-know vulnerabilities:
> - "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment"
> vulnerability.
> If a malicious user sends an affected HTML e-mail or hosts an affected
> e-mail on a Web site, and a user opens the e-mail or visits the Web site,
> Internet Explorer automatically runs the executable on the user's
> computer.
> - A vulnerability that could allow an unauthorized user to learn the
> location
> of cached content on your computer. This could enable the unauthorized
> user to launch compiled HTML Help (.chm) files that contain shortcuts to
> executables, thereby enabling the unauthorized user to run the executables
> on your computer.
> - A new variant of the "Frame Domain Verification" vulnerability could
> enable a
> malicious Web site operator to open two browser windows, one in the Web
> site's
> domain and the other on your local file system, and to pass information
> from
> your computer to the Web site.
> - CLSID extension vulnerability. Attachments which end with a CLSID file
> extension
> do not show the actual full extension of the file when saved and viewed
> with
> Windows Explorer. This allows dangerous file types to look as though
> they are simple,
> harmless files - such as JPG or WAV files - that do not need to
> be blocked.
> System requirements:
> Versions of Windows no earlier than Windows 95.
> This update applies to:
> Versions of Internet Explorer no earlier than 4.01
> Versions of MS Outlook no earlier than 8.00
> Versions of MS Outlook Express no earlier than 4.01
> How to install
> Run attached file q216309.exe
> How to use
> You don't need to do anything after installing this item.
> For more information about these issues, read Microsoft Security
> Bulletin MS02-005, or visit link below.
> If you have some questions about this article contact us at
> rdquest12 at
> Thank you for using Microsoft products.
> With friendly greetings,
> MS Internet Security Center.
> ----------------------------------------
> ----------------------------------------
> Microsoft is registered trademark of Microsoft Corporation.
> Windows and Outlook are trademarks of Microsoft Corporation.
>  ------------------------------------------------------------
>    For subscription and related information about LEPS-L visit:


   For subscription and related information about LEPS-L visit: 

More information about the Leps-l mailing list