Computer Services

Tel 650.548.1010
Burlingame, CA USA


Fake Microsoft Email Update with Virus Payload Attached!

Revised on

Originally posted on October 4th, 2003

Look Out for this Sucker!

I have been getting reports of a email that's been circulating around the net that look like a authentic Microsoft Updates. The email(s) even looks like it came from MS at first glance... and if you look carefully, it's got an attachment with a .EXE extension (this is the real giveaway).

The attachment in the email contains (most of the time) the W32.Swen.A@mm virus.

If you receive this in your inbox delete it!

What can you do about it? Keep your virus software up to date or get a email scanning service like SpamArrest or Matador.

If you downloaded the attachment and ran it, here's a link to Symantec's website that gives details about the virus and how to clean it.

Here's an example header for you techies out there...

Return-Path: <>
Received: from ([])
Received: from qgjcdigd ( [])
by (8.12.8/8.12.8) with SMTP id h93IoIUl073090;
Fri, 3 Oct 2003 08:50:58 -1000 (HST)
Date: Fri, 3 Oct 2003 08:50:58 -1000 (HST)
Message-Id: <>
FROM: "Customer Services" <>
TO: "Microsoft User" <>
SUBJECT: New Internet Critical Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="tkvzwmdk"

and here's a pic of the actual email





Links and Stuff

Symantec's Virus Search Website

The Real Microsoft Update website | 1675 Rollins Road, Suite B2 | Burlingame | California | 94010 | 650.548.1010