[TriLUG] I'm getting flooded

Richard O. Hammer ROHammer at EarthLink.net
Fri Sep 19 16:33:03 EDT 2003


Mike Mueller wrote:
> I'm getting flooded with crap from the new worm-of-the-month.  Most ever.  
> It's only coming in on my mail-list account.  Anybody else seeing similar 
> stuff?

During the last 30 hours I've received maybe 20 messages which purport 
to be an update package from Microsoft, messages which look suspicious 
to me.  I'll copy the beginning of one of these below.

Rich Hammer
Hillsborough


<beginning of suspect message>
X-UIDL: 1a0lbP7eR3NZFjX0
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Status:  U
Return-Path: <sunshine20 at videotron.ca>
Received: from VL-MO-MR001.ip.videotron.ca ([24.201.245.36])
	by robin (EarthLink SMTP Server) with ESMTP id 1a0lbP7eR3NZFjX0
	for <rohammer at earthlink.net>; Fri, 19 Sep 2003 06:20:49 -0700 (PDT)
Received: from aivnbhnf ([24.200.195.2]) by VL-MO-MR001.ip.videotron.ca
  (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
  with SMTP id <0HLG00ME0QCR6W at VL-MO-MR001.ip.videotron.ca> for
  rohammer at earthlink.net; Fri, 19 Sep 2003 09:19:44 -0400 (EDT)
Date: Fri, 19 Sep 2003 09:19:39 -0400 (EDT)
Date-warning: Date header was inserted by VL-MO-MR001.ip.videotron.ca
From: MS Corporation Security Assistance 
<ntngoh_kvwdafl at support_microsoft.net>
Subject: Newest Internet Security Upgrade
To: Commercial Customer <customer.bpjcicj at support_microsoft.net>
Message-id: <0HLG00ME1QCR6W at VL-MO-MR001.ip.videotron.ca>
MIME-version: 1.0
Content-type: multipart/mixed; 
boundary="Boundary_(ID_pPzd0M4dpFHIEKJxtAlLmQ)"


--Boundary_(ID_pPzd0M4dpFHIEKJxtAlLmQ)
Content-type: multipart/related; type="multipart/alternative";
  boundary="Boundary_(ID_OhttXH4zIExADOSDRp0QuQ)"


--Boundary_(ID_OhttXH4zIExADOSDRp0QuQ)
Content-type: multipart/alternative;
  boundary="Boundary_(ID_D+ONldru0uQrfUz4JJykHA)"


--Boundary_(ID_D+ONldru0uQrfUz4JJykHA)
Content-type: text/plain; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT

Microsoft Customer

this is the latest version of security update, the
"September 2003, Cumulative Patch" update which resolves
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to help protect your computer
from these vulnerabilities, the most serious of which could
allow an malicious user to run executable on your computer.
This update includes the functionality of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
  - MS Internet Explorer, version 4.01 and later
  - MS Outlook, version 8.00 and later
  - MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch at the earliest 
opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.


Microsoft Product Support Services and Knowledge Base articles can be 
found on the Microsoft Technical Support web site.
http://support.microsoft.com/

For security-related information about Microsoft products, please 
visit the Microsoft Security Advisor web site
http://www.microsoft.com/security/

Thank you for using Microsoft products.

Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to 
respond to any replies.

----------------------------------------------
The names of the actual companies and products mentioned herein are 
the trademarks of their respective owners.

--Boundary_(ID_D+ONldru0uQrfUz4JJykHA)
Content-type: text/html; CHARSET=US-ASCII
Content-transfer-encoding: 7BIT

<HTML>
<HEAD>
<style type='text/css'>.navtext{color:#ffffff;text-decoration:none}
</style>
</HEAD>


</beginning of suspect message>




More information about the TriLUG mailing list