M$ vulnerability question

Blake Barnett plug-discuss@lists.plug.phoenix.az.us
13 Mar 2002 16:11:26 -0700


There was a post to BugTraq about this a couple days ago.  Do NOT open
the attachment.  Here is a snippet from a BugTraq Post:

Indeed folks should be careful - this would be the result of the
mass-mail vector propagated by W32/Gibe@MM-infected systems.

This virus (which incidentally drops a Trojan backdoor when it is
activated) was identified by the various AV vendors last week.

NAI - http://vil.nai.com/vil/content/v_99377.htm
Symantec - http://www.symantec.com/avcenter/venc/data/w32.gibe@mm.html
Sophos - http://www.sophos.com/virusinfo/analyses/w32gibea.html
F-Secure - http://www.europe.f-secure.com/v-descs/gibe.shtml
Others - http://www.google.ca/search?q=W32%2FGibe@MM&hl=en&btnG=Google+Search&meta=

Alex Arndt, GCIA



On Wed, 2002-03-13 at 15:25, John (EBo) David wrote:
> 
> I'm not trying to start another flame war, so please do not start...
> 
> I was seriously wondering if everyone else is getting the following
> message including the attachment.  I've got 4 separate copies in my
> inbox, and got to thinking that I wonder if the attachment might
> actually be a virus.  It would be trivial for someone to attach a virus
> and spoof the header and use that to ship/install a trojan/worm/virus.
> 
> As I NEVER run any attachments except those from REALLY trusted
> individuals, I thought I would ask what you all know of this one.  Do
> you really think this is legit?
> 
>   EBo --
> 
> > Microsoft Customer,
> > 
> >      this is the latest version of security update, the 
> > known security vulnerabilities affecting Internet Explorer and 
> > MS Outlook/Express as well as six new vulnerabilities, and is 
> > discussed in Microsoft Security Bulletin MS02-005. Install now to 
> > protect your computer from these vulnerabilities, the most serious of which 
> > could allow an attacker to run code on your computer.
> > 
> > 
> > Description of several well-know vulnerabilities:
> > 
> > ...
-- 
Blake Barnett (bdb)  <blake.barnett@developonline.com>
Sr. Unix Administrator
DevelopOnline.com                 office: 480-377-6816

Learning is a skill, you get better at it with practice.