I am getting bombarded with emails containing the false security patch from
MS, and the qmail notices of failed deliveries. My AV is catching all of the
bad files but still getting the main email (123 today and counting). Trying
to control this with rules. Is there another way to stop this mail from
getting to me?

Re: Bombarded with Fake MS Mail by Les

Les
Fri Sep 19 12:59:04 CDT 2003

Hi John,

I'm not getting any of these :-( or is that a :-)? I see lots of reports
though.

I have a couple of questions:

If you look at the headers, are these emails coming from a wide range of IP
addresses, a few, or only one?

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !






Re: Bombarded with Fake MS Mail by Marcia

Marcia
Fri Sep 19 13:15:49 CDT 2003

Hi! I'm getting bombarded too. I've only had 64 today so far--several
yesterday. I can't look at the headers, McAfee prompts to "open" or "not
open". Can't get beyond that prompt to see any properties of it to know how
to block it or report it.

Marcia




Re: Bombarded with Fake MS Mail by John

John
Fri Sep 19 13:18:44 CDT 2003

Same problem, Marcia (and for Les's information). Have been unable to get to
any of the information to determine an origin. Trying to use the rules to
offset some of them, but of course trying to link it to content that
continually changes is hard. Right now it is about 5 per 15 minutes on
average. My block list is up to 15 items, everything from "Cumulative
Patch", to "MS Customer", to "Microsoft Customer". Is a real big PITA right
now. Have a message to my ISP about it. Usually they pick this stuff up
faster than this. Seems your ISP is a bit faster than mine, Les.




Re: Bombarded with Fake MS Mail by Les

Les
Fri Sep 19 13:38:44 CDT 2003

I feel left out ;'-(

.not.

Can you right click a message and select options, and see if there's any
consistency to the originating ip addresses?

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !






Re: Bombarded with Fake MS Mail by Les

Les
Fri Sep 19 13:43:20 CDT 2003

Could you forward one to me?

les dot connor at cfive dot ca

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !






Re: Bombarded with Fake MS Mail by Javier

Javier
Fri Sep 19 13:51:25 CDT 2003

You want it with or without the virus???

:-)




Re: Bombarded with Fake MS Mail by Javier

Javier
Fri Sep 19 13:54:30 CDT 2003

Here's one sample (headers are at the end):

----- Original Message -----
From: Public Services
To: Commercial Customer
Sent: Friday, September 19, 2003 2:07 PM
Subject: Latest Internet Critical Upgrade


Microsoft All Products | Support | Search | Microsoft.com
Guide
Microsoft Home


Microsoft Customer

this is the latest version of security update, the "September 2003,
Cumulative Patch" update which eliminates all known security vulnerabilities
affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install
now to protect your computer from these vulnerabilities, the most serious of
which could allow an malicious user to run executable on your computer. This
update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and
later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest
opportunity.
How to install Run attached file. Choose Yes on displayed dialog
box.
How to use You don't need to do anything after installing this
item.

Microsoft Product Support Services and Knowledge Base articles can
be found on the Microsoft Technical Support web site. For security-related
information about Microsoft products, please visit the Microsoft Security
Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored
e-mail address and we are unable to respond to any replies.

------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are
the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of Use |
Privacy Statement | Accessibility


Return-Path: <wnburger@comcast.net>
Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net
    [204.127.202.64])
    by spf1.us4.outblaze.com (Postfix) with ESMTP id 523602A0EB6
    for <myaddress@nospam.com>; Fri, 19 Sep 2003 18:15:04 +0000 (GMT)
Received: from sccrmhc13.comcast.net (localhost[127.0.0.1])
    by comcast.net (sccrmhc13) with ESMTP
    id <2003091918141301600dlgcbe>; Fri, 19 Sep 2003 18:14:13 +0000
X-Comment: AT&T Maillennium special handling codes - xc
Date: Fri, 19 Sep 2003 18:07:13 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from hhffwc
    (pcp03986138pcs.orovly01.az.comcast.net[68.38.56.75])
    by comcast.net (sccrmhc13) with SMTP
    id <2003091918071101600do12ne>; Fri, 19 Sep 2003 18:07:11 +0000
X-Comment: AT&T Maillennium special handling code - c
From: "Public Services" <srcvnbutyo@bulletin.ms.net>
To: "Commercial Customer" <customer_jycykrkgul@bulletin.ms.net>
SUBJECT: Latest Internet Critical Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="cwhphcsqyuvdjf"
Message-Id: <20030919181504.523602A0EB6@spf1.us4.outblaze.com>
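Les's question earlier in the thread (one originating IP address, a few, or a wide range?) can be answered from headers like the ones in this sample. The following is an added example, not part of the thread: it parses the sample's headers plus one constructed message that uses documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address

# Headers of the sample posted above (X-Comment/MIME lines omitted), with
# folded continuation lines indented so the parser joins them to their header.
SAMPLE = """\
Return-Path: <wnburger@comcast.net>
Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net
 [204.127.202.64])
 by spf1.us4.outblaze.com (Postfix) with ESMTP id 523602A0EB6
 for <myaddress@nospam.com>; Fri, 19 Sep 2003 18:15:04 +0000 (GMT)
Received: from sccrmhc13.comcast.net (localhost[127.0.0.1])
 by comcast.net (sccrmhc13) with ESMTP
 id <2003091918141301600dlgcbe>; Fri, 19 Sep 2003 18:14:13 +0000
Date: Fri, 19 Sep 2003 18:07:13 +0000 (GMT)
Received: from hhffwc
 (pcp03986138pcs.orovly01.az.comcast.net[68.38.56.75])
 by comcast.net (sccrmhc13) with SMTP
 id <2003091918071101600do12ne>; Fri, 19 Sep 2003 18:07:11 +0000
From: "Public Services" <srcvnbutyo@bulletin.ms.net>
To: "Commercial Customer" <customer_jycykrkgul@bulletin.ms.net>
SUBJECT: Latest Internet Critical Upgrade

"""

# Constructed second message (documentation addresses), NOT from the thread.
CONSTRUCTED = """\
Return-Path: <someone@example.net>
Received: from mx.example.net (mx.example.net [198.51.100.7])
 by mail.example.org (Postfix) with ESMTP id 0000000000
 for <user@example.org>; Fri, 19 Sep 2003 18:40:00 +0000 (GMT)
Received: from qzxv (host.example.net[198.51.100.23])
 by mx.example.net with SMTP; Fri, 19 Sep 2003 18:39:50 +0000
From: "Security Desk" <abcdefg@news.example.com>
To: "Customer" <customer_xyz@news.example.com>
Subject: Constructed subject line

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_NAME = re.compile(r"from\s+(\S+)", re.IGNORECASE)


def origin_hop(raw_message):
    """Return (helo_name, ip) for the oldest Received hop with a non-loopback IP.

    Each relay prepends its own Received header, so the last one in the
    message is the first hop. Hops recorded before your provider's own
    servers can be forged by the sender: treat the result as a lead.
    """
    msg = message_from_string(raw_message)
    for hop in reversed(msg.get_all("Received", [])):
        found = BRACKETED_IP.search(hop)
        if not found:
            continue
        try:
            ip = ip_address(found.group(1))
        except ValueError:          # malformed literal such as [999.1.1.1]
            continue
        if ip.is_loopback:          # internal hand-off, e.g. localhost[127.0.0.1]
            continue
        helo = HELO_NAME.match(hop.strip())
        return (helo.group(1) if helo else None, str(ip))
    return (None, None)


def sender_domains(raw_message):
    """Return (From-header domain, Return-Path domain), both lower-cased."""
    msg = message_from_string(raw_message)
    header_from = parseaddr(msg.get("From", ""))[1]
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    return (header_from.rpartition("@")[2].lower(),
            envelope.rpartition("@")[2].lower())


def summarize(messages):
    """Tally origin IPs and From domains across a batch of raw messages."""
    origins = Counter(origin_hop(m)[1] for m in messages)
    from_domains = Counter(sender_domains(m)[0] for m in messages)
    return origins, from_domains


if __name__ == "__main__":
    origins, from_domains = summarize([SAMPLE, CONSTRUCTED])
    print("origin IPs:  ", dict(origins))
    print("From domains:", dict(from_domains))
    for raw in (SAMPLE, CONSTRUCTED):
        header_dom, envelope_dom = sender_domains(raw)
        if header_dom != envelope_dom:
            print("From/Return-Path mismatch:", header_dom, "vs", envelope_dom)
```

Many distinct origin addresses in the tally mean a block on one IP will not help, and a From domain that differs from the Return-Path domain is a signal a server-side filter can score on.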




Re: Bombarded with Fake MS Mail by Javier

Javier
Fri Sep 19 13:58:22 CDT 2003

Damn... I forgot that I needed HTML.



Re: Bombarded with Fake MS Mail by Marcia

Marcia
Fri Sep 19 14:00:12 CDT 2003

That's good. I can't get to the options or properties to copy headers. I
can see them...but that's it. I just keep deleting them.

It would be nice to be left out of this one.

Marcia





Re: Bombarded with Fake MS Mail by Craig

Craig
Fri Sep 19 14:08:27 CDT 2003

Stupid little pain in the keyster Swen Virus!



Re: Bombarded with Fake MS Mail by Craig

Craig
Fri Sep 19 14:13:37 CDT 2003

Do all the messages have the from yadayada@bulletin.ms.net?

Maybe a rule for the from would help.

Craig P.




Re: Bombarded with Fake MS Mail by Kevin3NF

Kevin3NF
Fri Sep 19 14:17:17 CDT 2003

> Stupid little pain in the keyster Swen Virus!
Amen, brudda...

Kevin

"Craig Pfau" <thehelpdesk(noSpam)@chdnet.com> wrote in message
news:OjprqBufDHA.132@tk2msftngp13.phx.gbl...
> Stupid little pain in the keyster Swen Virus!



Re: Bombarded with Fake MS Mail by Les

Les
Fri Sep 19 14:40:26 CDT 2003

Not being on the mailing list for this update :-), I'm never going to get
enough headers to see if there's anything consistent that can be used to
block them. Some of you that are getting lots might be able to come up with
something, might not.

I presume everyone strips off .exe on incoming mail, so the remaining
annoyance is the volume incoming. With Sobig of a couple of weeks ago, I
found three IPs were responsible for about 90%, so it was somewhat easy to
at least reduce the incoming by blocking these.

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !



"Kevin3NF" <Kevin@3NF-inc.com> wrote in message
news:uTtflKufDHA.3248@tk2msftngp13.phx.gbl...
> > Stupid little pain in the keyster Swen Virus!
> Amen, brudda...
>
> Kevin



Re: Bombarded with Fake MS Mail by Buzz

Buzz
Fri Sep 19 16:48:52 CDT 2003

Turn on SMTP protocol logging on the properties of the SMTP virtual server
(set it to IIS logfile format), then check
c:\winnt\system32\logfiles\smtpsvc1

You will see all incoming and outgoing SMTP traffic; the source IP will be
there. You can then block by IP if needed.


"Les Connor [SBS MVP]" <les.connor@cfiveDEL.ca> wrote in message
news:eB1OhXufDHA.2748@TK2MSFTNGP11.phx.gbl...
> Not being on the mailing list for this update :-), I'm never going to get
> enough headers to see if there's anything consistent that can be used to
> block them. Some of you that are getting lots might be able to come up with
> something, might not.
>
> I presume everyone strips off .exe on incoming mail, so the remaining
> annoyance is the volume incoming. With Sobig of a couple of weeks ago, I
> found three IPs were responsible for about 90%, so it was somewhat easy to
> at least reduce the incoming by blocking these.
>
> --
> Les Connor [SBS MVP]
> -------------------------------------
> SBS Rocks !
>
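
One way to run the check Les and Buzz describe, as an added example that is not part of any poster's message: tally inbound MAIL commands per source IP from IIS-format SMTP log lines and find how few addresses cover 90% of the volume. The log lines are constructed, and the field positions and the "OutboundConnection" user tag for outgoing sessions are assumptions about how the SMTP service fills the IIS log file format.

```python
import csv
from collections import Counter

# Assumed field positions in the fixed-order, comma-separated IIS log format.
CLIENT_IP, USER, SERVICE, COMMAND = 0, 1, 4, 12

def inbound_mail_counts(lines):
    """Count MAIL commands (one per message attempt) per connecting IP."""
    counts = Counter()
    for row in csv.reader(lines, skipinitialspace=True):
        if len(row) < 15 or not row[SERVICE].upper().startswith("SMTPSVC"):
            continue  # blank, truncated or non-SMTP line
        if row[USER].startswith("OutboundConnection"):
            continue  # assumption: tag on the server's own outgoing sessions
        if row[COMMAND].strip().upper() == "MAIL":
            counts[row[CLIENT_IP].strip()] += 1
    return counts

def smallest_covering_set(counts, percent=90):
    """Fewest source IPs that together account for `percent` of messages."""
    total = sum(counts.values())
    chosen, covered = [], 0
    for ip, n in Counter(counts).most_common():
        if total == 0 or covered * 100 >= percent * total:
            break
        chosen.append((ip, n))
        covered += n
    return chosen, covered, total

def blocking_is_practical(counts, percent=90, max_ips=5):
    """True when a short block list would remove most of the volume."""
    chosen, _, total = smallest_covering_set(counts, percent)
    return total > 0 and len(chosen) <= max_ips

def _line(ip, user, command, params):
    # Constructed log line; server name and addresses are placeholders.
    return (f"{ip}, {user}, 9/19/03, 14:07:11, SMTPSVC1, SBS1, 10.0.0.2, "
            f"0, 30, 40, 250, 0, {command}, -, {params},")

def constructed_sample():
    """Three heavy senders plus stragglers, one outbound session, one bad line."""
    lines = []
    for ip, messages in [("192.0.2.10", 12), ("198.51.100.7", 9),
                         ("203.0.113.5", 6), ("203.0.113.77", 1),
                         ("198.51.100.90", 1), ("192.0.2.200", 1)]:
        for _ in range(messages):
            lines.append(_line(ip, "host", "HELO", "+host"))
            lines.append(_line(ip, "host", "MAIL", "+FROM:<x@example.net>"))
    lines.append(_line("192.0.2.55", "OutboundConnectionCommand", "MAIL",
                       "+FROM:<me@example.org>"))
    lines.append("#Software: truncated line")
    return lines

if __name__ == "__main__":
    counts = inbound_mail_counts(constructed_sample())
    chosen, covered, total = smallest_covering_set(counts)
    for ip, n in chosen:
        print(f"{ip:15} {n:4} messages")
    print(f"{len(chosen)} IPs cover {covered}/{total} messages; "
          f"block by IP practical: {blocking_is_practical(counts)}")
```

When the same volume is spread one message per address, the covering set grows to nearly every sender and a block list stops being useful.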



Re: Bombarded with Fake MS Mail by SuperGumby

SuperGumby
Fri Sep 19 16:55:47 CDT 2003

NAV CE identifies this as Worm.Automat.AHB or W32.Swen.A@mm.

I've created a rule in Outlook which deletes anything with these in the
body.

I'm not getting any but my sister has received several hundred, I get the
notifications from NAV though.


"Les Connor [SBS MVP]" <les.connor@cfiveDEL.ca> wrote in message
news:eB1OhXufDHA.2748@TK2MSFTNGP11.phx.gbl...
> Not being on the mailing list for this update :-), I'm never going to get
> enough headers to see if there's anything consistent that can be used to
> block them. Some of you that are getting lots might be able to come up with
> something, might not.
>
> I presume everyone strips off .exe on incoming mail, so the remaining
> annoyance is the volume incoming. With Sobig of a couple of weeks ago, I
> found three IPs were responsible for about 90%, so it was somewhat easy to
> at least reduce the incoming by blocking these.
>
> --
> Les Connor [SBS MVP]
> -------------------------------------
> SBS Rocks !



Bombarded with Fake MS Mail by dilltech

dilltech
Mon Sep 22 14:36:08 CDT 2003

Not sure but... isn't there a way to have OUTLOOK reject
anything with a certain type of attachment... i.e. *.exe?

If so, wouldn't this reject these bad emails?

RickD

>-----Original Message-----
>I am getting bombarded with emails containing the false security patch from
>MS, and the qmail notices of failed deliveries. My AV is catching all of the
>bad files but still getting the main email (123 today and counting). Trying
>to control this with rules. Is there another way to stop this mail from
>getting to me?
>
>
>.
>

Re: Bombarded with Fake MS Mail by Karakas,

Karakas,
Wed Sep 24 05:42:11 CDT 2003

Dear John,

There is an event sink available that blocks these mails here:
http://www.vamsoft.com/orf/tools.asp

Gyula Karakas
orf support
www.vamsoft.com/orf


"John C. Harris, MPA" <harris1214@tampabay.rr.com> wrote
> I am getting bombarded with emails containing the false security patch from
> MS, and the qmail notices of failed deliveries. My AV is catching all of the
> bad files but still getting the main email (123 today and counting). Trying
> to control this with rules. Is there another way to stop this mail from
> getting to me?
>
>