Microsoft Security Bulletin

I received an email this morning (9-18-03) from "MS
Network Security Division". The subject line
said "Latest Microsoft Security Upgrade". It came with a
106 KB attachment "Q254952.exe". Now, my concern is it's
been scanned by Norton and no virus was detected. I'm
NOT going to open this attachment but would like to know
if anyone else has received something like this? It
looks like a typical MS page from their web site. Very
convincing...Any information would be helpful. Thanks!
Carol

Ernie
Thu Sep 18 12:48:42 CDT 2003

I've received essentially the same email but the
attachment is named differently update24.zl9. I
downloaded it and now it prevents my Norton anti-virus
software and Zone Alarm firewall software from initiating
due to a memory access error. My recommendation is not to
bother with it. The problems after downloading are a
bigger issue than the security concern.

>-----Original Message-----
>I received an email this morning (9-18-03) from "MS
>Network Security Division". The subject line
>said "Latest Microsoft Security Upgrade". It came with a
>106 KB attachment "Q254952.exe". Now, my concern is it's
>been scanned by Norton and no virus was detected. I'm
>NOT going to open this attachment but would like to know
>if anyone else has received something like this? It
>looks like a typical MS page from their web site. Very
>convincing...Any information would be helpful. Thanks!
>Carol
>.
>

Bill
Thu Sep 18 12:57:35 CDT 2003

Yes--I've seen other reports of this today.

Please send the attachment along to your a/v vendor via their submission
procedure, if this thing isn't getting flagged.


"Carol" <the_ikester2u@hotmail.com> wrote in message
news:018801c37e0b$9695de10$a401280a@phx.gbl...
> I received an email this morning (9-18-03) from "MS
> Network Security Division". The subject line
> said "Latest Microsoft Security Upgrade". It came with a
> 106 KB attachment "Q254952.exe". Now, my concern is it's
> been scanned by Norton and no virus was detected. I'm
> NOT going to open this attachment but would like to know
> if anyone else has received something like this? It
> looks like a typical MS page from their web site. Very
> convincing...Any information would be helpful. Thanks!
> Carol

Bharat
Thu Sep 18 12:59:43 CDT 2003

1. Microsoft DOES NOT send Security Bulletins with patches as attachments.
2. Microsoft Security bulletinns are PGP-signed.
3. Microsoft web site is the authentic source for patches.
4. Patches carry digital signatures.

Bharat Suneja

"Carol" <the_ikester2u@hotmail.com> wrote in message
news:018801c37e0b$9695de10$a401280a@phx.gbl...
> I received an email this morning (9-18-03) from "MS
> Network Security Division". The subject line
> said "Latest Microsoft Security Upgrade". It came with a
> 106 KB attachment "Q254952.exe". Now, my concern is it's
> been scanned by Norton and no virus was detected. I'm
> NOT going to open this attachment but would like to know
> if anyone else has received something like this? It
> looks like a typical MS page from their web site. Very
> convincing...Any information would be helpful. Thanks!
> Carol

Sue
Thu Sep 18 13:07:19 CDT 2003

I went to MS site and did a search with neg
results...wouldn't install if I were you.

>-----Original Message-----
>I received an email this morning (9-18-03) from "MS
>Network Security Division". The subject line
>said "Latest Microsoft Security Upgrade". It came with
a
>106 KB attachment "Q254952.exe". Now, my concern is
it's
>been scanned by Norton and no virus was detected. I'm
>NOT going to open this attachment but would like to know
>if anyone else has received something like this? It
>looks like a typical MS page from their web site. Very
>convincing...Any information would be helpful. Thanks!
>Carol
>.
>

Michel
Thu Sep 18 13:15:53 CDT 2003

If this is the same one I saw today, it is a VERY slick example
of social engineering!

Whoever the author is, has taken care to make it look rather
professional, with some valid links.

Compared to others I have seen, it is not surprising that many
might be hook-winked into taking the viral bait!

As stated by everyone, never open any attachments, even received
from friends, unless you are *explicitly* expecting them. And MS
never sends any updates or attachments by email.

- Michel Gallant
MVP Security

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:%23xzpa5gfDHA.2248@TK2MSFTNGP09.phx.gbl...
> Yes--I've seen other reports of this today.
>
> Please send the attachment along to your a/v vendor via their submission
> procedure, if this thing isn't getting flagged.
>
>
> "Carol" <the_ikester2u@hotmail.com> wrote in message
> news:018801c37e0b$9695de10$a401280a@phx.gbl...
> > I received an email this morning (9-18-03) from "MS
> > Network Security Division". The subject line
> > said "Latest Microsoft Security Upgrade". It came with a
> > 106 KB attachment "Q254952.exe". Now, my concern is it's
> > been scanned by Norton and no virus was detected. I'm
> > NOT going to open this attachment but would like to know
> > if anyone else has received something like this? It
> > looks like a typical MS page from their web site. Very
> > convincing...Any information would be helpful. Thanks!
> > Carol
>
>

Lisa
Thu Sep 18 13:45:00 CDT 2003

Received the same thing:

Microsoft Customer

this is the latest version of security update,
the "September 2003, Cumulative Patch" update which fixes
all known security vulnerabilities affecting MS Internet
Explorer, MS Outlook and MS Outlook Express. Install now
to protect your computer. This update includes the
functionality of all previously released patches.

I came here first and agree that it should not be
downloaded. Microsoft never sends updates to you!

>-----Original Message-----
>I received an email this morning (9-18-03) from "MS
>Network Security Division". The subject line
>said "Latest Microsoft Security Upgrade". It came with a
>106 KB attachment "Q254952.exe". Now, my concern is it's
>been scanned by Norton and no virus was detected. I'm
>NOT going to open this attachment but would like to know
>if anyone else has received something like this? It
>looks like a typical MS page from their web site. Very
>convincing...Any information would be helpful. Thanks!
>Carol
>.
>

Bill
Thu Sep 18 14:54:21 CDT 2003

Carol - this is what I think you have:

http://www.f-secure.com/v-descs/swen.shtml


"Carol" <the_ikester2u@hotmail.com> wrote in message
news:018801c37e0b$9695de10$a401280a@phx.gbl...
> I received an email this morning (9-18-03) from "MS
> Network Security Division". The subject line
> said "Latest Microsoft Security Upgrade". It came with a
> 106 KB attachment "Q254952.exe". Now, my concern is it's
> been scanned by Norton and no virus was detected. I'm
> NOT going to open this attachment but would like to know
> if anyone else has received something like this? It
> looks like a typical MS page from their web site. Very
> convincing...Any information would be helpful. Thanks!
> Carol

Bill
Thu Sep 18 14:55:20 CDT 2003

This is a new Gibe variant:

http://www.f-secure.com/v-descs/swen.shtml

"Lisa R." <lizajane@chartermi.net> wrote in message
news:0d2401c37e14$f7124040$a001280a@phx.gbl...
> Received the same thing:
>
> Microsoft Customer
>
> this is the latest version of security update,
> the "September 2003, Cumulative Patch" update which fixes
> all known security vulnerabilities affecting MS Internet
> Explorer, MS Outlook and MS Outlook Express. Install now
> to protect your computer. This update includes the
> functionality of all previously released patches.
>
> I came here first and agree that it should not be
> downloaded. Microsoft never sends updates to you!
>
> >-----Original Message-----
> >I received an email this morning (9-18-03) from "MS
> >Network Security Division". The subject line
> >said "Latest Microsoft Security Upgrade". It came with a
> >106 KB attachment "Q254952.exe". Now, my concern is it's
> >been scanned by Norton and no virus was detected. I'm
> >NOT going to open this attachment but would like to know
> >if anyone else has received something like this? It
> >looks like a typical MS page from their web site. Very
> >convincing...Any information would be helpful. Thanks!
> >Carol
> >.
> >

Kathy
Thu Sep 18 18:03:51 CDT 2003

Hi,

I wanted to let you know that Microsoft does NOT will
email unsolicited security patches. Any mail you receive
that contains a file saying that it is a patch, or an
emai that says "click here" to receive the patch, etc.
did not come from Microsoft.

Rather, it appears you received the email resulting from
another computer (not yours) being invected by a mass
emailing worm. The two most widely-known are:

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/w3
2.gibe@mm.html

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/w3
2.dumaru@mm.html

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/news/patch_hoax.asp

Any and all legitimate patches and updates are readily
available at http://windowsupdate.microsoft.com/. For
easy access, just start WindowsUpdate on your computer
and it will hook to the official Microsoft site to
provide you with access to patches and updates from
Microsoft.

Kathy Prince
Program Manager
Microsoft Support Lifecycle & Security

This posting is provided "AS IS" with no warranties, and
confers no rights.


>-----Original Message-----
>I received an email this morning (9-18-03) from "MS
>Network Security Division". The subject line
>said "Latest Microsoft Security Upgrade". It came with
a
>106 KB attachment "Q254952.exe". Now, my concern is
it's
>been scanned by Norton and no virus was detected. I'm
>NOT going to open this attachment but would like to know
>if anyone else has received something like this? It
>looks like a typical MS page from their web site. Very
>convincing...Any information would be helpful. Thanks!
>Carol
>.
>

control_z
Thu Sep 18 18:49:30 CDT 2003

It's gotta be a virus. I notice you have a Hotmail account. I don't
know if non-Hotmail accounts are getting swamped with this virus or
not, but it keeps filling up my account with ~145K messages,
preventing anyone else from e-mailing me. My normal ISP account
doesn't seem to have any problems.

I made an advanced filter in Hotmail that deletes messages that
don't contain "control_z@hotmail.com" in the To or CC fields. But
that's going to delete some legitimate messages too... I think MS
Hotmail has a BIG problem right now.

-Dan