virus warning

Stan Gorodenski stanlep at extremezone.com
Thu Mar 14 18:31:21 EST 2002 

Thanks for the warning, although since I use Netscape (a superior
product to microsoft) I may have nothing to worry about.
Stan

Anne Kilmer wrote:
> 
> >
> > This one's weird.
> 
> I got this email from "Microsoft Internet Security Center". My son
> Kenton went to the web page and downloaded the patch, and it contains a
> worm.
> The attachment that came with it contains a virus:  "The file
> q216309.exe intended for you was infected with the
> W32/Gibe at MM virus." said one of the many resultant messages I got.
> so don't install it, don't go to the page, it's a fraud and as evil as
> they come.
> Somebody should tell Microsoft ...
> Anne Kilmer
> 
> Do not follow the following instructions.
> Microsoft Customer,
> 
>       this is the latest version of security update, the
> known security vulnerabilities affecting Internet Explorer and
> MS Outlook/Express as well as six new vulnerabilities, and is
> discussed in Microsoft Security Bulletin MS02-005. Install now to
> protect your computer from these vulnerabilities, the most serious of which
> could allow an attacker to run code on your computer.
> 
> Description of several well-know vulnerabilities:
> 
> - "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment"
> vulnerability.
> If a malicious user sends an affected HTML e-mail or hosts an affected
> e-mail on a Web site, and a user opens the e-mail or visits the Web site,
> Internet Explorer automatically runs the executable on the user's computer.
> 
> - A vulnerability that could allow an unauthorized user to learn the
> location
> of cached content on your computer. This could enable the unauthorized
> user to launch compiled HTML Help (.chm) files that contain shortcuts to
> executables, thereby enabling the unauthorized user to run the executables
> on your computer.
> 
> - A new variant of the "Frame Domain Verification" vulnerability could
> enable a
> malicious Web site operator to open two browser windows, one in the Web
> site's
> domain and the other on your local file system, and to pass information
> from
> your computer to the Web site.
> 
> - CLSID extension vulnerability. Attachments which end with a CLSID file
> extension
> do not show the actual full extension of the file when saved and viewed
> with
> Windows Explorer. This allows dangerous file types to look as though
> they are simple,
> harmless files - such as JPG or WAV files - that do not need to be blocked.
> 
> System requirements:
> Versions of Windows no earlier than Windows 95.
> 
> This update applies to:
> Versions of Internet Explorer no earlier than 4.01
> Versions of MS Outlook no earlier than 8.00
> Versions of MS Outlook Express no earlier than 4.01
> 
> How to install
> Run attached file q216309.exe
> 
> How to use
> You don't need to do anything after installing this item.
> 
> For more information about these issues, read Microsoft Security
> Bulletin MS02-005, or visit link below.
> http://www.microsoft.com/windows/ie/downloads/critical/default.asp
> If you have some questions about this article contact us at
> rdquest12 at microsoft.com
> 
> Thank you for using Microsoft products.
> 
> With friendly greetings,
> MS Internet Security Center.
> ----------------------------------------
> ----------------------------------------
> Microsoft is registered trademark of Microsoft Corporation.
> Windows and Outlook are trademarks of Microsoft Corporation.
> 
> 
>  ------------------------------------------------------------
> 
>    For subscription and related information about LEPS-L visit:
> 
>    http://www.peabody.yale.edu/other/lepsl
>

 
 ------------------------------------------------------------ 

   For subscription and related information about LEPS-L visit:

   http://www.peabody.yale.edu/other/lepsl

More information about the Leps-l mailing list