Convinced this is a virus

[petermeachem]

But which one. Norton thinks it isn't, so does trendmicro. Part of message follows.

From: &quot;Microsoft Corporation Security Services&quot; <wnfommmebhqejr@advisor_msn.com>
To: &quot;Microsoft Customer&quot; <>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=&quot;kxvqhjtyl&quot;
Message-Id: < >
X-UIDL: b<a!!Zpa!!Zip!!dc1!!
X-SpamPal: PASS
Subject: Network Critical Patch

--kxvqhjtyl
Content-Type: multipart/related; boundary=&quot;bcxazcmfqnwftjani&quot;;
type=&quot;multipart/alternative&quot;

--bcxazcmfqnwftjani
Content-Type: multipart/alternative; boundary=&quot;xlylhmlwiyrbvvzw&quot;

--xlylhmlwiyrbvvzw
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

MS Customer

this is the latest version of security update, the
&quot;September 2003, Cumulative Patch&quot; update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to help protect your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run executable on your computer.
This update includes the functionality =
of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
- MS Internet Explorer, version 4.01 and later
- MS Outlook, version 8.00 and later
- MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch =
at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.

http://www.accuflight.com

http://www.lettersdirect.co.uk

http://www.ourhouseinportugal.co.uk/

 

[petermeachem]

Having read to the end of the file (vpop doesn't show the whole thing in my defence) I see that Norton had cleaned it. I think it was a Sven, reported as worm.automat.ahb

http://www.accuflight.com

http://www.lettersdirect.co.uk

http://www.ourhouseinportugal.co.uk/

 

[greyted]

Hello Peter,

Think you are correct.

For others who are interested go here and click on the W32.Sven.A@mm link for information.

http://www.symantec.com/

Ted

&quot;The difference between a misfortune and a calamity is this: If Gladstone fell into the Thames, it would be a misfortune. But if someone dragged him out again, that would be a calamity.&quot;
Benjamin Disraeli.

 

[telthecelt]

Hi Peter and Ted
Got caught by this myself on Friday and paid for it.Fixing it with helpful suggestions from folk on the general virus discussion.
Microsoft notes say that they never send patches etc as attachments so that it is one way of distinguishing spoof from genuine.But will I know better next time?
Cheers,
Telthecelt

 

[greyted]

telthecelt,
Hope you are clear of the virus?

Indeed, your comments with regard to MS not sending patches via e-mail are correct.

Best to check the MS site for Critical updates, also checking the various anti-virus sites will keep you informed of the latest problems.

There are very knowledgeable and helpful people here.

Good luck






Ted

&quot;The difference between a misfortune and a calamity is this: If Gladstone fell into the Thames, it would be a misfortune. But if someone dragged him out again, that would be a calamity.&quot;
Benjamin Disraeli.

 

[gedC]

If anyone's interested I've had this one too. I was highly suspicious so I didn't open the attachment and checked with a member of IT support at work who told me that Microsoft don't email their patches and fixes to customers. It's true what they say about emails... &quot;If in doubt, just delete them&quot;

GedC

 

[lullysing]

It's sven alright. delete.


When in doubt, delete is indeed right in this case. NEVER open attachments from the wild. Microsoft is not big brother, and he doesn't know which operating system you are on.

I work the abuse mailboxes , and when i see 10 emails from microsoft corporation in it, i know something's fishy. Usually a dead givaway is that the emails are so impersonnal, and always ask you to click on any kind of widget to &quot;fix&quot; or &quot;install&quot; or &quot;check out&quot; something.

 

[enkie]

I agree. Better safe than sorry