Emails from Microsoft

[illflem]

Must have received over 50 in the last few days.

I know it's a virus but was wondering if each email represents an infected computer. Seems odd I would get so many hoax emails since I receive very little spam.

 

[nickleinonen]

i've gotten a dozen or so emails like that too... when the first one came, i almost was going to open the attachment, but the microsoft logo in thir page didn't look quite right to me so i deleted it instead. did the same to the other 11 or so too... it is a pretty sharp scam eh... someone who maybe doesn't know better will believe the email and load the software/virus and then get it spammed out to everyone in their address book... .

 

[RustyJC]

Yeah, it even made it through our company's firewall. It was in my inbox this morning on my company computer when I got to work.



Rusty

 

[jrobinson2]

I got this from my ISP this morning





INFORMATION:

W32. Swen. A@mm (called Worm. Automat. AHB earlier)

If you receive an email that appears to be from Microsoft, and

says it is a Critical Update, Security Patch Update, etc. , it is a

fake and the attachment you are supposed to click infects your

system. It is very dangerous at this point and causes your

computer to mail out the infection to addresses found in MS

Outlook and Outlook Express, AND found in the following files on

your harddrive:

.html, . asp, . eml, . dbx, . wab, . mbx

This means that even though you're NOT using a Microsoft

email program, if your email program (such as Eudora) stores

emails in a file with one of the above extensions, and you infect

your system by clicking on the "update", your system will then

send out the infection to all found addresses.

Worse, the infection kills all computer protection on your system,

such as McAfee Scan, Norton/Symantec AV, ZoneAlarm, Zone Alarm

Pro, AdAware, SpyBot, etc. It also looks through your registry

files and finds the current email address for your system, AND

makes changes which prevent you from running RegEdit on your

computer. It also prevents you from running other critical

Windows utilities which you might use to either find infected

files, or delete them.

Infected attachment files will have names generated by the worm in

the following formats:

It will make a file with one of the following names:

Patch

Upgrade

Update

Installer

Install

Pack

Q

Followed by a series of random numbers.

And a file extension that is either . exe or . zip.

So, an infected attachment might look like:

Patch298. exe,

Q988766. exe,

Update745. exe

Install025. exe

or the same format with . zip extensions.

I have received several hundred infected emails, that were

supposedly from Microsoft, during the past week, all

addressed to email addresses I use for the Mailing Lists at

Rootsweb. Thus, some users of these Lists are already

infected. EVERYONE should make sure they have the

latest virus definition files for their Anti-Virus program,

and should run a full system scan over their entire system,

no matter how long it takes. In addition, you should all go

to the following URL, read the message, and, from the

instructions, see if your computer is infected:

For Symantec (Norton) Users;

<http://www.sarc.com/avcenter/venc/data/w32.swen.a@mm.html>

For McAfee Users:

<http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=s

wen>



Dont sound like fun to me

Jared

 

[Proram]

Virus

BEWARE!!!!!! that thing is NASTY!!!! i virtulaly Destroyed my wifes

Brand new DELL. What ever you do don't open the thing...

no redaly avial. anti virus can catch it. the only way so far to get rid of it is to crash the system and start from scratch. . i'm not speculating on this i'm telling you from first hand exp. Microsoft will NEVER send you a patch in an e-mail. (thats how it got my wife, looks very offical) i have a very good norton anti virus,(actually 2 in redundance) and it got by them. took 2 full days to restore the system and it still needs some tweeking. if anybobys curious as to what it does, it looks you out of your operating system in 3 steps, each time you try to issoate it it gets worse till finnally your locked out completly.



all i'm saying is BE CARFUL!!!

Later Scott

 

[Doc Tinker]

This is where I got the utility to remove this worm from a staff computer on Friday. They also show the contents of the email that carries the worm.



http://www3.ca.com/virusinfo/virus.aspx?ID=36939



Doc

 

[Steve St.Laurent]

I was waiting for your call on saturday proram - glad you got it figured out. For everyone else out there a good rule to go by is to NEVER EVER install any patch that was sent to you by email. I know of no company that sends out software patches by email. I would only install ones that I downloaded directly from there site - and even then only after I know it's been out for a while and others have installed it without problems.

 

[mjendrejcak]

I'm a network admin for a manufactoring firm of radation test equipment. I have many users that opened and ran attachments in any email (got to love engineers). I set are firewall to strip any attachments out of emails and send a copy of the email to myself.



I contacted Microshaft about this latest email with a patch. MS sent a public annoucement as follows.



STAY ALERT: MICROSOFT NEVER DISTRIBUTES SOFTWARE VIA E-MAIL



From time to time, malicious individuals circulate e-mail messages that purport to be a Microsoft Security Bulletin or patch. These messages might contain (or link to) an executable file that contains a virus. Visit TechNet and learn to look for clues that e-mail messages are not bona fide security bulletins or patches.



http://go.microsoft.com/?linkid=262639





Microsoft Communities is your launching pad for communicating online with peers and experts about Microsoft products, technologies, and services:

http://go.microsoft.com/?linkid=262637



~~~~~~~~~~~~~~~~~~~~~~~~~ How to use this mailing list~~~~~~~~~~~~~~~~~~~~~~~~



To cancel your subscription to this newsletter, either click mailto:1_52807_0A85FD26-0FA7-3440-A4E0-27C6EE51C1C5_US@Newsletters. Microsoft.com?subject=UNSUBSCRIBE to send an unsubscribe e-mail or reply to this message with the word UNSUBSCRIBE in the Subject line. To stop all e-mail newsletters from microsoft.com, either click mailto:2_52807_0A85FD26-0FA7-3440-A4E0-27C6EE51C1C5_US@Newsletters. Microsoft.com?subject=STOPMAIL to send your request or reply to this message with the word STOPMAIL in the Subject Line. You can also unsubscribe at http://go.microsoft.com/?linkid=262638. You can manage all your Microsoft.com communication preferences from this site.



THIS DOCUMENT AND OTHER DOCUMENTS PROVIDED PURSUANT TO THIS PROGRAM ARE FOR INFORMATIONAL PURPOSES ONLY. The information type should not be interpreted to be a commitment on the part of Microsoft and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND. The user assumes the entire risk as to the accuracy and the use of this document.

microsoft.com newsletter e-mail may be copied and distributed subject to the following conditions:

1. All text must be copied without modification and all pages must be included

2. All copies must contain Microsoft's copyright notice and any other notices provided therein

3. This document may not be distributed for profit

 

[Proram]

Virus

Steve, sorry. Andy gave me your number. we ( the wife and i ) just abondoned the whole thing till Sun. took her all day to

get it straightend out:{ :{ by the time hammer got involved , we had already wiped the system clean... What a mess

Again thanks for the offer to help.



PS, i wouldnt wish this virus on anybody... Well then again



Scott

 

[GWDiesel]

E mail trash

iLLFLEM: we are having the same problem,we are receving E mails

from Africa,the mid East, and an out fit in San Jose CA with a huge page of some person's job resumay over and over again even

tho we Block Sender every time,the one's from Africa are A scam

for your money!Block sender worked, but not any more. GWD