"Pack71.exe"

Anyone know anything about "Pack71"?

I got an email which appeared to an official Microsoft
mailing in html format with Microsoft header and
everything, from a sender called "Public Assistance". The
text of the message read:

"this is the latest version of security update,
the "February 2004, Cumulative Patch" update which fixes
all known security vulnerabilities affecting MS Internet
Explorer, MS Outlook and MS Outlook Express as well as
three newly discovered vulnerabilities. Install now to
continue keeping your computer secure from these
vulnerabilities, the most serious of which could allow an
attacker to run code on your computer. This update
includes the functionality of all previously released
patches."

The message had an attachment called "Pack71.exe" (106
KB). I am suspicious of ANY email that contains an .exe
attachment. If it was an offical Microsoft email, why
wouldn't the sender simply point the recipient to a web
link to download the latest patch, rather than including
it as an attachment?

I did a search on the web and on Microsoft
for "Pack71.exe" and turned up nothing. I went to
Microsoft's Security web site, ran a security check for
Windows, and it turned up 1 critical update that it needed
(there was no mention of Pack71.exe). After installing
the update, I ran the test again, the install appeared
successful and it told me that "there were no critical
updates to install."

Anybody know of Pack71.exe or where on the web that I can
get information about it?

Sorry about the lengthy post. Any information would be
appreciated.

Thanks,
JA

Dave
Wed Feb 11 12:16:02 CST 2004

you are now infected... probably with the swen virus, and are probably
sending out infected emails as fast as your internet link will go. after
you remove it you need to get a good virus scanner, keep it up to date, let
it scan your incoming mail and delete the infected ones if you aren't going
believe your first hunch and not run the attachments.

"JA" <anonymous@discussions.microsoft.com> wrote in message
news:eda701c3f0ca$28fe7290$a501280a@phx.gbl...
> Anyone know anything about "Pack71"?
>
> I got an email which appeared to an official Microsoft
> mailing in html format with Microsoft header and
> everything, from a sender called "Public Assistance". The
> text of the message read:
>
> "this is the latest version of security update,
> the "February 2004, Cumulative Patch" update which fixes
> all known security vulnerabilities affecting MS Internet
> Explorer, MS Outlook and MS Outlook Express as well as
> three newly discovered vulnerabilities. Install now to
> continue keeping your computer secure from these
> vulnerabilities, the most serious of which could allow an
> attacker to run code on your computer. This update
> includes the functionality of all previously released
> patches."
>
> The message had an attachment called "Pack71.exe" (106
> KB). I am suspicious of ANY email that contains an .exe
> attachment. If it was an offical Microsoft email, why
> wouldn't the sender simply point the recipient to a web
> link to download the latest patch, rather than including
> it as an attachment?
>
> I did a search on the web and on Microsoft
> for "Pack71.exe" and turned up nothing. I went to
> Microsoft's Security web site, ran a security check for
> Windows, and it turned up 1 critical update that it needed
> (there was no mention of Pack71.exe). After installing
> the update, I ran the test again, the install appeared
> successful and it told me that "there were no critical
> updates to install."
>
> Anybody know of Pack71.exe or where on the web that I can
> get information about it?
>
> Sorry about the lengthy post. Any information would be
> appreciated.
>
> Thanks,
> JA

SFB
Wed Feb 11 12:29:51 CST 2004


"JA" <anonymous@discussions.microsoft.com> schreef in bericht
news:eda701c3f0ca$28fe7290$a501280a@phx.gbl...
> Anyone know anything about "Pack71"?
>
> I got an email which appeared to an official Microsoft
> mailing in html format with Microsoft header and
> everything, from a sender called "Public Assistance". The
> text of the message read:
>
> "this is the latest version of security update,
> the "February 2004, Cumulative Patch" update which fixes
> all known security vulnerabilities affecting MS Internet
> Explorer, MS Outlook and MS Outlook Express as well as
> three newly discovered vulnerabilities. Install now to
> continue keeping your computer secure from these
> vulnerabilities, the most serious of which could allow an
> attacker to run code on your computer. This update
> includes the functionality of all previously released
> patches."
>
> The message had an attachment called "Pack71.exe" (106
> KB). I am suspicious of ANY email that contains an .exe
> attachment. If it was an offical Microsoft email, why
> wouldn't the sender simply point the recipient to a web
> link to download the latest patch, rather than including
> it as an attachment?
>
> I did a search on the web and on Microsoft
> for "Pack71.exe" and turned up nothing. I went to
> Microsoft's Security web site, ran a security check for
> Windows, and it turned up 1 critical update that it needed
> (there was no mention of Pack71.exe). After installing
> the update, I ran the test again, the install appeared
> successful and it told me that "there were no critical
> updates to install."
>
> Anybody know of Pack71.exe or where on the web that I can
> get information about it?
>
> Sorry about the lengthy post. Any information would be
> appreciated.

Delete the e-mail and run Stinger. http://vil.nai.com/vil/stinger/

Duncan
Wed Feb 11 12:36:16 CST 2004

Dave wrote:
> you are now infected... probably with the swen virus, and are probably
> sending out infected emails as fast as your internet link will go.

Only if he ran this "pack71.exe" program. From what he wrote I don't think
he did.

I wish Microsoft would concentrate on promoting secure computer user
behaviour, rather than claiming incorrectly that their software is secure.
Then more people would be like "JA" and not allow things like Swen to get a
foothold.
--
_| _ _ _ ___ _ ___
(_| \_/ / \ \_ /-\ \ /
Sent with Mozilla 1.6

anonymous
Wed Feb 11 12:34:58 CST 2004

I have NOT run the attachment. How can I be infected?

>-----Original Message-----
>you are now infected... probably with the swen virus, and
are probably
>sending out infected emails as fast as your internet link
will go. after
>you remove it you need to get a good virus scanner, keep
it up to date, let
>it scan your incoming mail and delete the infected ones
if you aren't going
>believe your first hunch and not run the attachments.
>
>"JA" <anonymous@discussions.microsoft.com> wrote in
message
>news:eda701c3f0ca$28fe7290$a501280a@phx.gbl...
>> Anyone know anything about "Pack71"?
>>
>> I got an email which appeared to an official Microsoft
>> mailing in html format with Microsoft header and
>> everything, from a sender called "Public Assistance".
The
>> text of the message read:
>>
>> "this is the latest version of security update,
>> the "February 2004, Cumulative Patch" update which fixes
>> all known security vulnerabilities affecting MS Internet
>> Explorer, MS Outlook and MS Outlook Express as well as
>> three newly discovered vulnerabilities. Install now to
>> continue keeping your computer secure from these
>> vulnerabilities, the most serious of which could allow
an
>> attacker to run code on your computer. This update
>> includes the functionality of all previously released
>> patches."
>>
>> The message had an attachment called "Pack71.exe" (106
>> KB). I am suspicious of ANY email that contains an .exe
>> attachment. If it was an offical Microsoft email, why
>> wouldn't the sender simply point the recipient to a web
>> link to download the latest patch, rather than including
>> it as an attachment?
>>
>> I did a search on the web and on Microsoft
>> for "Pack71.exe" and turned up nothing. I went to
>> Microsoft's Security web site, ran a security check for
>> Windows, and it turned up 1 critical update that it
needed
>> (there was no mention of Pack71.exe). After installing
>> the update, I ran the test again, the install appeared
>> successful and it told me that "there were no critical
>> updates to install."
>>
>> Anybody know of Pack71.exe or where on the web that I
can
>> get information about it?
>>
>> Sorry about the lengthy post. Any information would be
>> appreciated.
>>
>> Thanks,
>> JA
>
>
>.
>

Dave
Wed Feb 11 12:43:12 CST 2004

I must have misread the "After installing the update" to mean he installed
pack71. hopefully that is the case and he will still get a good virus
scanner, once that things get downloaded there is always the chance you may
run it accidently... i prefer having my isp stop them, that way i don't even
have to bother deleting them.

"Duncan Corps" <duncancorps@netscape.net> wrote in message
news:#h#1m3M8DHA.2952@TK2MSFTNGP09.phx.gbl...
> Dave wrote:
> > you are now infected... probably with the swen virus, and are probably
> > sending out infected emails as fast as your internet link will go.
>
> Only if he ran this "pack71.exe" program. From what he wrote I don't think
> he did.
>
> I wish Microsoft would concentrate on promoting secure computer user
> behaviour, rather than claiming incorrectly that their software is secure.
> Then more people would be like "JA" and not allow things like Swen to get
a
> foothold.
> --
> _| _ _ _ ___ _ ___
> (_| \_/ / \ \_ /-\ \ /
> Sent with Mozilla 1.6

anonymous
Wed Feb 11 12:51:23 CST 2004

You arent then if you didnt run it.
This is a hoak email. Microsoft will/has never sent
updates via email. What probably happened was at one time
you posted your real email to a newgroup or someone you
emailed at one time had a worm and your address was
harvested from that.
Just delete these and make sure you do not open any
attachment.
Also just as an aside make sure your firewall/antivirus is
uptodate. And scan your system.

>-----Original Message-----
>I have NOT run the attachment. How can I be infected?
>
>>-----Original Message-----
>>you are now infected... probably with the swen virus,
and
>are probably
>>sending out infected emails as fast as your internet
link
>will go. after
>>you remove it you need to get a good virus scanner, keep
>it up to date, let
>>it scan your incoming mail and delete the infected ones
>if you aren't going
>>believe your first hunch and not run the attachments.
>>
>>"JA" <anonymous@discussions.microsoft.com> wrote in
>message
>>news:eda701c3f0ca$28fe7290$a501280a@phx.gbl...
>>> Anyone know anything about "Pack71"?
>>>
>>> I got an email which appeared to an official Microsoft
>>> mailing in html format with Microsoft header and
>>> everything, from a sender called "Public Assistance".
>The
>>> text of the message read:
>>>
>>> "this is the latest version of security update,
>>> the "February 2004, Cumulative Patch" update which
fixes
>>> all known security vulnerabilities affecting MS
Internet
>>> Explorer, MS Outlook and MS Outlook Express as well as
>>> three newly discovered vulnerabilities. Install now to
>>> continue keeping your computer secure from these
>>> vulnerabilities, the most serious of which could allow
>an
>>> attacker to run code on your computer. This update
>>> includes the functionality of all previously released
>>> patches."
>>>
>>> The message had an attachment called "Pack71.exe" (106
>>> KB). I am suspicious of ANY email that contains
an .exe
>>> attachment. If it was an offical Microsoft email, why
>>> wouldn't the sender simply point the recipient to a web
>>> link to download the latest patch, rather than
including
>>> it as an attachment?
>>>
>>> I did a search on the web and on Microsoft
>>> for "Pack71.exe" and turned up nothing. I went to
>>> Microsoft's Security web site, ran a security check for
>>> Windows, and it turned up 1 critical update that it
>needed
>>> (there was no mention of Pack71.exe). After installing
>>> the update, I ran the test again, the install appeared
>>> successful and it told me that "there were no critical
>>> updates to install."
>>>
>>> Anybody know of Pack71.exe or where on the web that I
>can
>>> get information about it?
>>>
>>> Sorry about the lengthy post. Any information would be
>>> appreciated.
>>>
>>> Thanks,
>>> JA
>>
>>
>>.
>>
>.
>

JA
Wed Feb 11 14:52:28 CST 2004

Thanks for the help guys. I did not run the pack71.exe,
I've deleted the email, I'v scanned my system, and it
appears clean.

Best regards,
JA


>-----Original Message-----
>Anyone know anything about "Pack71"?
>
>I got an email which appeared to an official Microsoft
>mailing in html format with Microsoft header and
>everything, from a sender called "Public Assistance".
The
>text of the message read:
>
>"this is the latest version of security update,
>the "February 2004, Cumulative Patch" update which fixes
>all known security vulnerabilities affecting MS Internet
>Explorer, MS Outlook and MS Outlook Express as well as
>three newly discovered vulnerabilities. Install now to
>continue keeping your computer secure from these
>vulnerabilities, the most serious of which could allow an
>attacker to run code on your computer. This update
>includes the functionality of all previously released
>patches."
>
>The message had an attachment called "Pack71.exe" (106
>KB). I am suspicious of ANY email that contains an .exe
>attachment. If it was an offical Microsoft email, why
>wouldn't the sender simply point the recipient to a web
>link to download the latest patch, rather than including
>it as an attachment?
>
>I did a search on the web and on Microsoft
>for "Pack71.exe" and turned up nothing. I went to
>Microsoft's Security web site, ran a security check for
>Windows, and it turned up 1 critical update that it
needed
>(there was no mention of Pack71.exe). After installing
>the update, I ran the test again, the install appeared
>successful and it told me that "there were no critical
>updates to install."
>
>Anybody know of Pack71.exe or where on the web that I can
>get information about it?
>
>Sorry about the lengthy post. Any information would be
>appreciated.
>
>Thanks,
>JA
>.
>

Lanwench
Wed Feb 11 20:53:46 CST 2004

Duncan Corps wrote:
> Dave wrote:
>> you are now infected... probably with the swen virus, and are
>> probably sending out infected emails as fast as your internet link
>> will go.
>
> Only if he ran this "pack71.exe" program. From what he wrote I don't
> think he did.
>
> I wish Microsoft would concentrate on promoting secure computer user
> behaviour, rather than claiming incorrectly that their software is
> secure. Then more people would be like "JA" and not allow things like
> Swen to get a foothold.

Everyone needs:
* good (regularly updated) antivirus software (that runs resident and also
scans mail)
* a good firewall to block ports
* to run Windows Update regularly.