Fake Microsoft Email Update
with Virus Payload Attached!
Originally posted on October
Look Out for this Sucker!
I have been getting reports of
a email that's been circulating around the net that look like
a authentic Microsoft Updates. The email(s) even looks like it
came from MS at first glance... and if you look carefully, it's
got an attachment with a .EXE extension (this is the real giveaway).
The attachment in the email contains
(most of the time) the W32.Swen.A@mm virus.
If you receive this in your inbox
What can you do about it? Keep
your virus software up to date or get a email scanning service
If you downloaded the attachment
and ran it, here's a link to Symantec's website that gives details
about the virus and how to clean it.
Here's an example header for
you techies out there...
Received: from ns.cuhawaii.net ([126.96.36.199])
Received: from qgjcdigd (cuh-92-pm34.cuhawaii.net [188.8.131.52])
by ns.cuhawaii.net (8.12.8/8.12.8) with SMTP id h93IoIUl073090;
Fri, 3 Oct 2003 08:50:58 -1000 (HST)
Date: Fri, 3 Oct 2003 08:50:58 -1000 (HST)
FROM: "Customer Services" <firstname.lastname@example.org>
TO: "Microsoft User" <email@example.com>
SUBJECT: New Internet Critical Patch
Content-Type: multipart/mixed; boundary="tkvzwmdk"
and here's a pic of the actual