[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Another noxious M$ trojan

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Another noxious M$ trojan
From: "Gregory A. Gilliss" <ggilliss@netpublishing.com>
Date: Wed, 19 Nov 2003 18:22:12 -0800

Hello all:

Heads up - I received this in my mailbox this afternoon (Wednesday PST). 

Headers:

From qwm@dns.njuct.edu.cn  Wed Nov 19 16:51:17 2003
Received: from dns.njuct.edu.cn (dns.njuct.edu.cn [202.119.248.66])
        by netpublishing.com (8.12.9p1/8.11.3) with ESMTP id hAK0pD8R098529
        for <ggilliss@netpublishing.com>; Wed, 19 Nov 2003 16:51:14 -0800 (PST)
        (envelope-from qwm@dns.njuct.edu.cn)
Received: from zevvf ([202.119.246.91]) by dns.njuct.edu.cn
          (Post.Office MTA v3.5.3 release 223 ID# 0-12345L500S10000V35)
          with SMTP id cn; Tue, 18 Nov 2003 20:47:26 +0800
FROM: "Microsoft Corporation Network Security Center" <fwjgjwa_ywbwi@lb.redirect
.msnbc.com>
TO: "MS Corporation User" <fxlq-jwrroi@lb.redirect.msnbc.com>
SUBJECT: New Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="xqciegkfiiol"
Date: Tue, 18 Nov 2003 20:47:26 +0800

Partial text:

MS User

this is the latest version of security update, the
"November 2004, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to continue keeping your computer secure
from these vulnerabilities, the most serious of which could
allow an malicious user to run executable on your computer.
This update includes the functionality of all previously released patches.

Attachment:

update1991.exe                     [applica/x-msdownlo, base64, 140K]

Since I run UNIX, I cannot run this through a windows virus scanner.
I did check Symantec and there's no listing for update1991.exe. Anyone
wants the noxious binary, email me off list and I will post it somewhere 
publicly accessible.

G

-- 
Gregory A. Gilliss, CISSP                              E-mail: greg@gilliss.com
Computer Security                             WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Another noxious M$ trojan
  - From: Valdis.Kletnieks@vt.edu
- Re: [Full-Disclosure] Another noxious M$ trojan
  - From: ":-)" <nirt_speed@yahoo.com>

Prev by Date: [Full-Disclosure] .hta virus analysys
Next by Date: Re: [Full-Disclosure] .hta virus analysys
Previous by thread: Re: [Full-Disclosure] .hta virus analysys
Next by thread: Re: [Full-Disclosure] Another noxious M$ trojan
Index(es):
- Date
- Thread