Strange E-Mail from Microsoft... Virus?!

Discussion in 'Windows Desktop Systems' started by Nedreplan, Aug 28, 2003.

  1. Nedreplan

    Nedreplan Guest

    I just received an e-mail from Microsoft which says:

    "Dear friend , use this Internet Explorer patch now!
    There are dangerous virus in the Internet now!
    More than 500.000 already infected!"

    And with it is a file called "Patch.exe" Size: 9.48 kb

    The sender is: security@microsoft.com

    but if I look at the source of the E-mail it says:
    Return-Path: <admin@duma.gov.ru>
    at the very top...

    For me this is VERY suspicious...

    So.. what do you think?? MSBlast?, sobig...or?? :p

    I have not opened the letter just pre-viewing it without touching the "Patch.exe"-file.
     
  2. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Delete the mail. You could always download the official RPC patch from Microsoft's site, if you haven't done so already.
     
  3. Teddy

    Teddy Boogie Nights...!

    Messages:
    1,551
    Location:
    London, UK
    Virus (or similar) without a doubt.

    Get rid of it sharpish!!
     
  4. Nedreplan

    Nedreplan Guest

    Got rid of it..:)
    And out of safety I will run the Symantec "FixBlast"

    Are some people so bored that they sit and create viruses just to mess up other people's lives?..!..*wondering*
    I was at my sister's house yesterday and got rid of a MsBlast they had on the computer...it kept restarting so I was very suspicious...

    Thanks !!! :)
     
  5. LeeJend

    LeeJend Moderator

    Messages:
    5,291
    Location:
    Fort Worth, TX
    Damn. You should have quarantined the email and contacted McAfee or Norton and asked if they wanted the email. They are constantly looking for new virus threats.

    Oh well, maybe next time.
     
  6. Nedreplan

    Nedreplan Guest

    Bummer!!!
    I did not know that.
    Yes, I should have done so.
    The only way to crack these losers who make these viruses is if we all work together.....
     
  7. Nedreplan

    Nedreplan Guest

    By the way..
    I was talking to a friend of mine on the phone, and he has received the same message as I did.
    The virus is: W32.Dumaru@mm

    There is a fix for it on http://www.symantec.com, under "Download Virus Removal Tool"
    There you can find others, for other types of viruses.
    But of course... nothing is as good as having a full anti-virus program installed... and frequently updated, especially now.

    http://securityresponse.symantec.com/avcenter/tools.list.html

    "W32.Dumaru@mm is a mass-mailing worm that drops an IRC Trojan onto the infected machine. The worm gathers email addresses from certain file types and uses its own SMTP engine to email itself.

    The email has the following characteristics:

    From: "Microsoft" <security@microsoft.com>
    Subject: Use this patch immediately !
    Message:
    Dear friend , use this Internet Explorer patch now!
    There are dangerous virus in the Internet now!
    More than 500.000 already infected!
    Attachment: patch.exe

    The worm will also infect exe files on NTFS partitions.

    This threat is written in the Microsoft Visual C++ programming language and is compressed with UPX.

    Symantec Security Response has created a tool to remove W32.Dumaru@mm.


    Also Known As: PE_DUMARU.A [Trend], Win32.Dumaru [CA], W32/Dumaru@MM [McAfee], W32/Dumaru-A [Sophos], I-Worm.Dumaru [KAV]

    Type: Worm
    Infection Length: 9,216 bytes

    NOTE: This file is not viral by itself, and therefore, Symantec antivirus products do not detect this file. Manually delete it if your system is infected with this worm.

    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
    Systems Not Affected: Linux, Macintosh, OS/2, UNIX"
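
The two signals noted in this thread, a From domain that differs from the Return-Path domain and an executable attachment, can be checked mechanically. The following is an added example, not part of the original posts or of any vendor tool; the extension list and the function names are assumptions, and the sample message is constructed from the header values quoted above with placeholder attachment bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions treated as directly executable on Windows (assumed list for this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def triage(raw_bytes):
    """Return a list of reasons the message resembles the mail in this thread."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # The displayed sender and the envelope sender disagree.
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {env_dom}")
    # Any attachment whose filename ends in an executable extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXTS):
            findings.append(f"executable attachment: {name}")
    return findings


def build_sample():
    """Constructed sample using the header values quoted in the thread."""
    m = EmailMessage()
    m["Return-Path"] = "<admin@duma.gov.ru>"
    m["From"] = '"Microsoft" <security@microsoft.com>'
    m["Subject"] = "Use this patch immediately !"
    m.set_content("Dear friend , use this Internet Explorer patch now!")
    # Placeholder bytes, not a real binary.
    m.add_attachment(b"PLACEHOLDER", maintype="application",
                     subtype="octet-stream", filename="patch.exe")
    return m.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Mailing lists and bulk-mail services also send with a Return-Path domain that differs from the From domain, so the mismatch is a reason to look closer rather than a verdict by itself.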
     
  8. Enyo

    Enyo Moderator

    Messages:
    1,338
    [IMG]

    What does this tell you :)

    Many worms use this method; users are very much taken in by emails seemingly from MS or "Administrator" :rolleyes: As above, Dumaru is doing the rounds and you can see it in the screenshot above.

    Microsoft Policies on Software Distribution
     
  9. Tiesto

    Tiesto OSNN Addict

    Messages:
    112
    Damn Enyo, that sucks. I don't think I have gotten one piece of spam mail in my email relating to Blaster or any of these new worms. Hooray for encrypted email and junk filters :D
     
  10. Enyo

    Enyo Moderator

    Messages:
    1,338
    Yea it does suck, but it's not my inbox!
     
  11. Tiesto

    Tiesto OSNN Addict

    Messages:
    112
    Oh, haha sucks for that guy then.