Author Message

This is a known virus.  Do not run the attachment.  Also, you may want to
either update your Nortons or get a better AV.  The link below will give you
information on the virus.


Steve Sprague, MCP
eAegis: Security Through Information

> I got the following message today that purports to be from
> Microsoft. It
> does not trigger as a virus, ON nORTON, but seems odd.
> Perhaps you would be so kind as
> to evaluate the attachment.  It seems odd because I am not
> aware of
> Microsoft E-mailing out fixes such as this. Also, The
> attached Q216309 does
> not seem to be in Microsoft's support file base, and while
> the MS02-005 does
> refer to an existing series of security updates, but they
> refer a user to
> search results that do not mention the Q216309
> are the
> search results. Search results:
>  MS02-005: Patch Is Available for the GetObject()
> Scripting Function
> Vulnerability (Q317726)
>  A vulnerability in Internet Explorer exists that could
> allow an attacker to
> view files on the computer of another user. The
> vulnerability could be
> exploited by using either of two scenarios. An attacker
> could send a
> specially formatted HTML

>  MS02-005: Patch Is Available for the Application
> Invocation via
> Content-Type Field Vulnerability (Q317727)
>  A vulnerability exists in Internet Explorer that could
> allow an attacker to
> use a Web page to start one of the programs that is
> installed on a user's
> computer, in conjunction with a file that the attacker
> supplied. In the
> worst case, this c

>  BUG: Latest Security Patch (Q316059) Crashes Internet
> Explorer When You
> Call execScript (Q318426)
>  When you call

>  MS02-005: Patch Is Available for a New Variant of
> the "Frame Domain
> Verification" Vulnerability (Q317729)
>  A new variant of the "Frame Domain Verification"
> vulnerability that was
> originally discussed in the following Microsoft Security
> Bulletin has been
> discovered:


> ----- Original Message -----
> From: "Microsoft Corporation Security Center"

> Sent: Sunday, March 10, 2002 4:16 PM
> Subject: Internet Security Update

> Microsoft Customer,

>      this is the latest version of security update, the

> known security vulnerabilities affecting Internet Explorer
> and
> MS Outlook/Express as well as six new vulnerabilities, and
> is
> discussed in Microsoft Security Bulletin MS02-005. Install
> now to
> protect your computer from these vulnerabilities, the most
> serious of which
> could allow an attacker to run code on your computer.

> Description of several well-know vulnerabilities:

> - "Incorrect MIME Header Can Cause IE to Execute E-mail
> Attachment"
> vulnerability.
> If a malicious user sends an affected HTML e-mail or hosts
> an affected
> e-mail on a Web site, and a user opens the e-mail or
> visits the Web site,
> Internet Explorer automatically runs the executable on the
> user's computer.

> - A vulnerability that could allow an unauthorized user to
> learn the
> location
> of cached content on your computer. This could enable the
> unauthorized
> user to launch compiled HTML Help (.chm) files that
> contain shortcuts to
> executables, thereby enabling the unauthorized user to run
> the executables
> on your computer.

> - A new variant of the "Frame Domain Verification"
> vulnerability could
> enable a
> malicious Web site operator to open two browser windows,
> one in the Web
> site's
> domain and the other on your local file system, and to
> pass information from
> your computer to the Web site.

> - CLSID extension vulnerability. Attachments which end
> with a CLSID file
> extension
> do not show the actual full extension of the file when
> saved and viewed with
> Windows Explorer. This allows dangerous file types to look
> as though they
> are simple,
> harmless files - such as JPG or WAV files - that do not
> need to be blocked.

> System requirements:
> Versions of Windows no earlier than Windows 95.

> This update applies to:
> Versions of Internet Explorer no earlier than 4.01
> Versions of MS Outlook no earlier than 8.00
> Versions of MS Outlook Express no earlier than 4.01

> How to install
> Run attached file q216309.exe

> How to use
> You don't need to do anything after installing this item.

> For more information about these issues, read Microsoft
> Security Bulletin
> MS02-005, or visit link below.
> http://www.*-*-*.com/
> ult.asp
> If you have some questions about this article contact us at

> Thank you for using Microsoft products.

> With friendly greetings,
> MS Internet Security Center.
> ----------------------------------------
> ----------------------------------------
> Microsoft is registered trademark of Microsoft Corporation.
> Windows and Outlook are trademarks of Microsoft
> Corporation.

Sun, 29 Aug 2004 20:14:50 GMT  
 [ 1 post ] 

 Relevant Pages 

1. virus in security message purporting to be from MS

2. alleged latest security updates. VIRUS attached

3. virus from ms-security website disabled Norton Antivirus

4. Virus in attached files

5. Virus in attached files

6. Sending SMTP message from Tcl with attached HTML file using MIME

7. Programmatically Attaching Files to MS Excha

8. Hoax AOL Virus

9. Virus hoaxes


11. Fw: Major Virus Warning -- Is a Hoax

12. Hoax virus - how do I recover?


Powered by phpBB® Forum Software