1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Fake Microsoft email with virus

Discussion in 'Virus & Other Malware Removal' started by Mike McBain, Sep 19, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Mike McBain

    Mike McBain Thread Starter

    Joined:
    Oct 27, 2001
    Messages:
    398
    Can anyone supply an email address so I can forward the following (without the virus attachment) to someone that may be able to track down and stop the distribution?
    It came with all the formatting and looked like the real thing.
    Thanks Mike.

    rom: "Microsoft" <[email protected]>
    To: "Commercial Consumer" <[email protected]>
    SUBJECT: New Internet Patch
    Date: Fri, 19 Sep 2003 19:05:22 +1000 (EST)

    Microsoft All Products | Support | Search | Microsoft.com Guide
    Microsoft Home
    []

    MS Consumer

    this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches.


    [] System requirements Windows 95/98/Me/2000/NT/XP
    [] This update applies to MS Internet Explorer, version 4.01 and later
    MS Outlook, version 8.00 and later
    MS Outlook Express, version 4.01 and later
    [] Recommendation Customers should install the patch at the earliest opportunity.
    [] How to install Run attached file. Choose Yes on displayed dialog box.
    [] How to use You don't need to do anything after installing this item.

    Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

    Thank you for using Microsoft products.

    Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

    The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

    Contact Us | Legal | TRUSTe
    ©2003 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility
     
  2. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Mike
    I do not have what you ask for but here is info on the subject. It seems the virus also is supplying information too infection count back to a website so the creator my be tracked back from there.

    Article One

    Article Two

    Dave
     
  3. starchild

    starchild

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    For the past 2 days I've been getting various versions of this microsoft patch virus email, in Outlook Express, 20-23 at a time.

    I had been getting one every few days for around 8 months, I think since I subbed to a newsgroup.

    This morning, after I deleted 22 of them, I got 93 more in, and after that 72. I kept bringing up SEND/RECEIVE and clicked "stop", but then thought it might back up the server (Earthlink).

    Apparently this is something new, someone sending and resending these (microsoft emails) and, as I've read, keeping track of it on a website somewhere.

    The story I read about it said it was only in Europe, but was sure to spread elsewhere, as it seems to have done.

    I have OE set to not let in attachments, so it was mainly the bother of getting rid of the emails. Before I let the last 72 download, Earthlink (my ISP) must have done something, because it turned out to be only 8. And no more since.

    I got quite a few in Yahoo, which went into the junk mail folder, but not as many as the over 200 from this morning!

    ~ Carrie
     
  4. 1trueshadow

    1trueshadow

    Joined:
    Jun 1, 2003
    Messages:
    86
    as well as the E-mail and Virus, I am receving "error sending" emails, stating that the mail I sent (I never sent any email) could not be deleverd. These emails where to what looks very much like fake accounts. I Will keep you all posted on what I find out about these E-mails. They just might lead to the guy that made this virrus!
     
  5. starchild

    starchild

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    Yeah, I've been getting these, too.

    I keep checking my Yahoo email, where I'm still getting a few in every now and then. But, since they have attachments and are large it puts my email overquota.

    I suppose it will stop after awhile.

    I think Earthlink must have done something about it, because I haven't gotten anymore in my Outlook Express mail.

    ~ Carrie
     
  6. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    Mike, unfortunately there is very little you can do. I would just try and block the addresses they are coming in from with rules/filters and not open any attachments. You could always send the AV companies a copy, but the Big Three will probably have gotten wind of it by now, as will have most folk.

    Sucks, doesn't it?
     
  7. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    Trouble is that there is no sigle source or group. Rather, this virus is being sent from infected machines and as more get infected, the domain of senders {unknown to the senders} grows exponentially! As Corrosive said "Sucks,doesn't it?"
     
  8. Baby-Bug

    Baby-Bug

    Joined:
    Jul 18, 2003
    Messages:
    492
    It appears its just the next e-mail virus to hit us, same happened with the W32.SobigF virus, at least when I see the little envelope flashing on the bottom of my screen I feel loved...
    Even if it is all deletable poop thats trying to infect me with something....
    In with Anger out with Love :eek: :D
     
  9. starchild

    starchild

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    I'm still getting it in, at the rate of 50 or 60 per hour. I stopped having OE check for new emails in a time period, so I can click SEND/RECEIVE and get them in, watching to see if there's any mail I might want in it.

    I could set up a rule not to let in any mail with "microsoft" in the subject, but what if it's something legit? (I mean about the virus).

    I also notice some of the subjects don't mention this, now they're saying "system administrator" or "returned mail".

    This morning I sent a few emails back to people (you can find their address in source or header) telling them about it, and got one back today thanking me. Said they didn't know they had the virus, and were fixing it.

    So, I then decided to let everyone know, and sent out maybe 20 more emails, before I gave up. What I noticed is, a lot of it's comcast, bellsouth, telnet. And seems like each person (address) sends out several, with different subjects. like person A will send out 5 (not at the same time, spaced) with 5 different subject lines. B will also, etc.

    Don't know what that means, just that the virus must be renaming the subject line, and sending the SAME email (msn virus page) under different names.

    Of course, even the most computer/virus illiterate person might notice getting 60 emails about a microsoft patch, all at the same time and think something isn't right.

    That's one good part of it.

    But it sure does spread, doesn't it?

    Letting people know they have it, might help. If we have time and patience to do it. You can't just send it back because it's a fake msn address.

    I wonder what MSN is saying about this? Months ago when we wrote about it here (the original "patch" email) someone wrote to MSN and was told it was probably an important patch and to open it and put it in! Even though elsewhere on their site they say it's a virus and they never send attachments...

    Reassuring :)

    ~ Carrie
     
  10. Corrosive

    Corrosive

    Joined:
    Jan 9, 2003
    Messages:
    1,058
    You actually emailed folk saying that they had the virus? Geez, you are brave! The last time I did that, I got a few rather scornful replies along the lines of "How dare you accuse me of sending you a virus!" They had worse language in them of course, nothing a 16 year old would want to be hearing. The *******s... :D

    Don't be so sure! My sister had about 30 identical emails in her hotmail account and almost downloaded the attachments. Luckily, she called me over before she did so. The point is, although my sister is very intelligent (she does get rather good marks in school, especially in computing), common-sense, for some reason, goes completely out the window when it comes to email.

    Microsoft are rather good at that. The entire corporation seems to depend soley on luck to get things done, because internal communications are dreadful!

    Anyway, end of rant.

    PS: Has there been any coverage on TV yet? This is spreading pretty damn fast...
     
  11. Chuffy

    Chuffy

    Joined:
    Jul 17, 2002
    Messages:
    256
    Glad I found this post this has been driving me nuts. :mad:

    I am getting the MSN message and the undelivered e-mail message up to about 30 a day now.
    I have e-mailed everyone in my address book to tell them to check their system as I assume it is coming from an address book with me in it.

    I'll just sit back and wait for the hail of abuse.:D

    Norton tells me it is Worm.Automat.AHB that is causing the problem but there isn't a lot of info on their site about it.
     
  12. Mike McBain

    Mike McBain Thread Starter

    Joined:
    Oct 27, 2001
    Messages:
    398
    Thanks everyone for sharing your comments it does help knowing that I am not alone in receiving these things.

    However my original point was - Does anyone have an email address for Microsoft or for some sort of virus policing organisation?

    Keep smiling

    Mike from Tasmania
     
  13. 1trueshadow

    1trueshadow

    Joined:
    Jun 1, 2003
    Messages:
    86
    all the organizations that need to be informed already know of the situation. Giving them more e-mails to sort though wont help matters. But, if you are truely insistent on sending this information to someone then try sending it to www.symantec.com though their feedback forms.

    Once again, the wheels are already in motion. Just sit back, relax and clear your inbox once in a while. Just like Isabel, it will blow over soon.
     
  14. starchild

    starchild

    Joined:
    Sep 17, 2002
    Messages:
    2,111
    I'm still downloading and deleting 60 or so emails every few hours from OE. I check Yahoo every few hours and it's over quota (they go into bulk mail there, but it still counts). I think I'm getting so many because of being subbed to a newsgroup.

    Just now I went to OE and it said it couldn't connect with the server (Earthlink) so I'm thinking they are either doing something, or overwhelmed.

    As to writing back and telling people they have a virus, I did think of that (them not liking it) so I do it very tactfully. I put in the subject line "your computer is sending a virus" and inside "just letting you know in case you weren't aware of it".

    So far, nothing bad back, but a few thank yous, from ones I sent yesterday (from people who hadn't known it and now feel they have gotten it cleared up)

    I figured just deleting them isn't going to help (overall) if people have it and don't know it.

    I also considered the fact the virus would send my email back to me (with the virus again), I was on a group once where this happened, people were trying to tell one person she had a virus, and the virus wasn't letting it through, just sending another one back.

    So far a few have come back (with the virus again).

    I know when I first started getting the Microsoft patch (maybe 6-8 months ago) and asked about it here, I couldn't find an address to write to MSN about. Someone on this board did (and was told it was okay to go ahead and install it :)

    My daughter asked me why the servers can't just block these emails, but I think they can't because they're coming from all different senders (even though they say Microsoft in the return line on the email) and they have a few different subject lines. So, they're not all the same.

    I could block them in OE by setting up a message rule that blocks all emails with "microsoft" in the subject line, but there are others without it.

    Yeah, just like Isabel- wait it out (I live in Northern VT and wasn't effected by it at all, but grew up north of Boston and went through several hurricanes in my life. From the 50's on)

    Oh, Mike in Tasmania... I know a Mike in Tasmania, too. (writes on the newsgroup I belong to) Different last name, and different birthday (I looked at your profile here to check). The one I know works for (and takes courses at) the University of Tasmania.

    I've told him he's the only person I've ever known in Tasmania.

    Now, I not only know two, but they're both named Mike :)

    Corrosive, you are only 16! Of course, young people are pretty smart with computers/internet. I have two grandsons who are almost 16 (actually I have a grandaughter who is 22 and a mother).

    The internet makes the world a lot smaller.

    And it makes waiting out spamming viruses less annoying to have someone else to talk to about it.

    I haven't seen much about the virus on the news, just a short blub about it on one of our local newscasts last night. I don't want the news too much, if I can help it. And I think they were talking about it on tech TV. I noticed it in passing.

    Maybe they don't want to give the person(s) who started it any free publicity. If they really have a website that is counting the infected computers, wouldn't this make it easier to track them down?
    ~ Carrie
     
  15. Mike McBain

    Mike McBain Thread Starter

    Joined:
    Oct 27, 2001
    Messages:
    398
    Thanks Starchild

    I am trialling an impressive New Zealand developed program called Mailwasher which may be worth looking at for the longer term.

    It has a free 30 day trial period.

    Tasmania has a population of 480,000 and you know two Mike's - not statistically signinficant but interesting. The nearest people I know to Boston are all in North Carolina.

    Cheers

    Mike.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/165888

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice