2
25th June 11:09
External User
Posts: 1

Here's some info about this from MS.public.security.virus

..................................................

This worm has two main effects, and some secondary effects.

I. Main effects

A. It infects vulnerable systems and networks.

B. It generates a FLOOD of infected e-mail that is sent to e-mail addresses it harvests from infected machines and networks. These infected e-mails are of two types:

1. An HTML message that looks like a legitimate Microsoft Security Bulletin; the hotlinks in this message are valid Microsoft links, and will even lead you to a description that will allow you to identify this e-mail as bogus. The message has an attached 104 KByte file that contains the worm. If you don't have all appropriate Microsoft security patches and Service Packs installed, it may be possible for your system to be infected EVEN IF YOU DON'T OPEN THE MESSAGE. So far, the body of this message is always the same, though the Subject and From lines differ widely. This message, so far, can easily be blocked by detecting the string 'Run attached file' in the body (in fact, it would be a good practice to consider ANY e-mail that contains this string AND has an attachment to be very, very likely to carry an infection).

2. A plain text message that purports to be a notification of an 'Undeliverable e-mail', with an attachment that purports to be a copy of the undeliverable e-mail; this attached file is 104 KBytes long and contains the worm. The Subject line, From line, and body present in thousands of combinations, and probably will continue to mutate. Even worse, real e-mail addresses harvested from infected systems and networks are tagged onto this type of message, causing one of the secondary effects.

II. Secondary effects

A. Spam effect

1. Mailboxes with an e-mail address that has been harvested from infected systems and networks begin to be flooded with infected e-mail. [Personal example: my machines are not infected, but this worm began to flood my mailbox 17SEP03. I now receive more than 1500 infected e-mail messages per day. I must empty my mailbox every 5 minutes, 24/7 to avoid the possibility of having legitimate e-mail bounced. I had to install an application just to segregate the cleaned, previously infected e-mail from legitimate e-mail (standard spam blockers can't do this).]

B. Notifications from mail services that DO scan for infected messages, but unfortunately do not realize that the e-mail addresses given for the sender are either bogus or e-mail addresses harvested by the worm. Thus, completely innocent mailboxes have insult added to injury.

****

What can you do locally as an individual (i.e. in a SmallOfficeHome environment, and/or as a recreational user)?

#1. You can use a remote virus scan from one of the antivirus program publishers
THEN
#2. You can remove any infections discovered
THEN
#3. You install a good antivirus program, keep it active, keep the virus definitions up-to-date (at the moment you should update these definitions EVERY day), and set it to scan all incoming e-mails and downloads.
THEN
#4. You can install all appropriate Microsoft security patches and Service Packs.
THEN
#5. You can consider additional security (DHCP server, firewall, boric acid [for roaches], .....)

If you begin to be flooded with these infected messages, COMPLAIN to your ISP; send them this URL http://xtra.co.nz/products/0,,8969,00.html of an ISP that scans incoming e-mail before passing it to a mailbox. Ask for an increase in mailbox size (if you are getting 1500 of these infected e-mails per day, you will need a mailbox size over 150 MBytes just to avoid the necessity of completely emptying it EVERY DAY). Ask about the implicit duty of the ISP to provide reliable e-mail service, and if they have received notification of any pending class actions you might join. Ask if they will unbundle their services so you can opt out of e-mail service and save that cost.

That's about all you can do about the e-mail flood; only your ISP or other e-mail provider can come close to solving this problem. When the e-mail flood becomes too painful, find an ISP or other e-mail provider that DOES scan and discard infected e-mail before passing it to your mailbox, and then change to that ISP and/or e-mail provider. Changing your e-mail address is no solution; as soon as your new e-mail address is harvested from an infected system or network, the problem starts again.

When a mailserver is scanning and not just deleting infected e-mail, but is also sending an e-mail to notify the sender, write the administrator a nasty note asking them to stop sending these notices.

****

That's about it; you can proof your system against infection, but only changes at the mailserver level can stop reception of the flood of infected e-mails and increasing numbers of inappropriate notices that you've sent infected e-mail.

Phil Weldon, pweldon@mindspring.com

"Steven Lee " <sraojycgfuvbvb@frspx.net> wrote in message news:bkruhb$mla$1@reader01.singnet.com.sg...

Microsoft
All Products | Support | Search | Microsoft.com Guide
Microsoft Home
Microsoft Partner

this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new vulnerabilities. Install now to continue keeping your computer secure. This update includes the functionality of all previously released patches.

System requirements
Windows 95/98/Me/2000/NT/XP

This update applies to
MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later

Recommendation
Customers should install the patch at the earliest opportunity.

How to install
Run attached file. Choose Yes on displayed dialog box.

How to use
You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

------------------------------------------------------------------------

The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility
|
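Added example, not part of the thread and not taken from any mail product: a sketch of the filtering rule described in the post above (body contains 'Run attached file' AND the message has an attachment), applied to the decoded MIME parts so that HTML tags, entities and line wraps do not hide the string. The function names, the "quarantine"/"deliver" labels and the three sample messages are constructed for illustration; the rule covers only the first message type, since the post says the second type's Subject, From and body vary.

```python
import html
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = "run attached file"  # body string named in the post, lowercased

def body_text(msg):
    """Visible text of non-attachment text parts: tags stripped, lowercased."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.get_filename():
            continue
        try:
            text = part.get_content()
        except (LookupError, UnicodeError):  # unknown or broken charset
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
        if part.get_content_subtype() == "html":
            text = html.unescape(re.sub(r"<[^>]+>", " ", text))
        chunks.append(text)
    return re.sub(r"\s+", " ", " ".join(chunks)).lower()

def has_attachment(msg):
    """True if any MIME part has a filename or an attachment disposition."""
    return any(p.get_filename() or p.is_attachment() for p in msg.walk())

def verdict(msg):
    """The post's rule: marker string in the body AND an attachment."""
    if MARKER in body_text(msg) and has_attachment(msg):
        return "quarantine"
    return "deliver"

def make_sample(body, subtype="plain", payload=None):
    """Constructed message, serialized and re-parsed like received mail."""
    m = EmailMessage()
    m["From"], m["To"] = "a@example.invalid", "b@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content(body, subtype=subtype)
    if payload is not None:
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename="sample.bin")
    return message_from_bytes(m.as_bytes(), policy=policy.default)

# Constructed samples: HTML bulletin look-alike, plain discussion, bogus bounce.
BULLETIN = make_sample("<br>Run&nbsp;<i>attached</i>\n file.", "html", b"\0" * 64)
DISCUSSION = make_sample("Block mail containing 'Run attached file'.")
BOUNCE = make_sample("Undeliverable e-mail, copy attached.", payload=b"\0" * 64)

if __name__ == "__main__":
    print([verdict(m) for m in (BULLETIN, DISCUSSION, BOUNCE)])
```

The bounce look-alike passes this rule untouched, which is why the post leaves that message type to scanning at the mail server.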
3
25th June 11:10
External User
Posts: 1

Thanks, guys. Yesterday I contacted my ISP because e-mails I knew had been sent were not coming thru--just those "few" Microsoft spams. They checked & I had over 1200 e-mails in their box & my Outlook couldn't get anything. I had to go in and delete 1200 msgs--most with 146-160 KB attachments. Unfortunately I still can't get anything thru--my server breaks connection just like it was before. I guess they'll get another call this afternoon...
|