/ Forside / Teknologi / Internet / Sikkerhed / Nyhedsindlæg
Login
Glemt dit kodeord?
Brugernavn

Kodeord


Reklame
Top 10 brugere
Sikkerhed
#NavnPoint
stl_s 37026
arlet 26827
miritdk 20260
o.v.n. 12167
als 8951
refi 8694
tedd 8272
BjarneD 7338
Klaudi 7257
10  molokyle 6481
microsoft security bulletin?
Fra : Ole Michaelsen


Dato : 13-03-02 08:53

Hmm, har lige modtaget følgende. Jeg bruger ikke software fra MS, brevet er ikke
underskrevet, og reply-adressen (rdquest12@microsoft.com) bouncer...

'strings' viser ikke noget spændende i den vedhæftede fil. Jeg kan sende filen,
hvis nogen er interesserede (og splitte sådan een ad og se hvad den gør).


Falsk alarm?

-- Ole

From dfalk@telusplanet.net Wed Mar 13 03:38:14 2002
Return-Path: <dfalk@telusplanet.net>
Delivered-To: omic+nofuckingmail@fys.ku.dk
Received: from priv-edtnes04-hme0.telusplanet.net (fepout2.telus.net [199.185.220.237])
by kirstine.fys.ku.dk (Postfix) with ESMTP id 5575519738
for <omic+nofuckingmail@fys.ku.dk>; Wed, 13 Mar 2002 03:38:09 +0100 (CET)
Received: from pfuckie ([142.173.153.241])
by priv-edtnes04-hme0.telusplanet.net
(InterMail vM.5.01.04.01 201-253-122-122-101-20011014) with SMTP
id <20020313023751.IPQV23959.priv-edtnes04-hme0.telusplanet.net@pfuckie>;
Tue, 12 Mar 2002 19:37:51 -0700
From: "Microsoft Corporation Security Center" <rdquest12@microsoft.com>
To: "Microsoft Customer" <'customer@yourdomain.com'>
Subject: Internet Security Update
Reply-To: <rdquest12@microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="NextPart_000235"
Message-Id: <20020313023751.IPQV23959.priv-edtnes04-hme0.telusplanet.net@pfuckie>
Date: Tue, 12 Mar 2002 19:37:57 -0700
Status: RO
Content-Length: 169069
Lines: 2238

[-- Attachment #1 --]
[-- Type: text/plain, Encoding: quoted-printable, Size: 2.6K --]
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Microsoft Customer,

this is the latest version of security update, the
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install now to
protect your computer from these vulnerabilities, the most serious of which
could allow an attacker to run code on your computer.


Description of several well-know vulnerabilities:

-MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability.
If a malicious user sends an affected HTML e-mail or hosts an affected
e-mail on a Web site, and a user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the executable on the user's computer.

- A vulnerability that could allow an unauthorized user to learn the location
of cached content on your computer. This could enable the unauthorized
user to launch compiled HTML Help (.chm) files that contain shortcuts to
executables, thereby enabling the unauthorized user to run the executables
on your computer.

- A new variant of the "Frame Domain Verification" vulnerability could enable a
malicious Web site operator to open two browser windows, one in the Web site's
domain and the other on your local file system, and to pass information from
your computer to the Web site.

- CLSID extension vulnerability. Attachments which end with a CLSID file extension
do not show the actual full extension of the file when saved and viewed with
Windows Explorer. This allows dangerous file types to look as though they are simple,
harmless files - such as JPG or WAV files - that do not need to be blocked.


System requirements:
Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01

How to install
Run attached file q216309.exe

How to use
You don't need to do anything after installing this item.



For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downloads/critical/default.asp
If you have some questions about this article contact us at rdquest12@microsoft.com

Thank you for using Microsoft products.

With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft Corporation.

--NextPart_000235
Content-Type: application/x-msdownload;
nam
[-- Attachment #2: q216309.exe --]
[-- Type: application/x-msdownload, Encoding: base64, Size: 162K --]
Content-Type: application/x-msdownload;
name="q216309.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="q216309.exe"

[-- application/x-msdownload is unsupported (use 'v' to view this part) --]

 
 
// Overby (13-03-2002)
Kommentar
Fra : // Overby


Dato : 13-03-02 11:03

> Falsk alarm?

Kunne man godt tro - der er i hvert fald ingen opdatering på windows
update - det plejer der at være når der komme sådan en fætter

Daniel




Klaus Ellegaard (13-03-2002)
Kommentar
Fra : Klaus Ellegaard


Dato : 13-03-02 12:08

>> Falsk alarm?

>Kunne man godt tro - der er i hvert fald ingen opdatering på windows
>update - det plejer der at være når der komme sådan en fætter

Det er en virus.

Mvh.
   Klaus.

Andreas Kryger Jense~ (13-03-2002)
Kommentar
Fra : Andreas Kryger Jense~


Dato : 13-03-02 12:23

> Falsk alarm?
http://zdnet.com.com/2100-1104-853235.html

--
Best regards / Mes meilleures amitiés / Med venlig hilsen
Andreas Kryger Jensen
http://www.compose.subnet.dk
linux er gratis, hvis din tid er værdiløs



Jacob Rasmussen (13-03-2002)
Kommentar
Fra : Jacob Rasmussen


Dato : 13-03-02 14:52

Ole Michaelsen wrote:
>
> Hmm, har lige modtaget følgende. Jeg bruger ikke software fra MS, brevet er ikke
> underskrevet, og reply-adressen (rdquest12@microsoft.com) bouncer...
>
> 'strings' viser ikke noget spændende i den vedhæftede fil. Jeg kan sende filen,
> hvis nogen er interesserede (og splitte sådan een ad og se hvad den gør).
>
> Falsk alarm?

Ja, det kan der vist ikke være tvivl om. En søgning på "q216309.exe" i
google giver en håndfuld virus 'bulletins' der beskriver hvad den gør,
herunder installation af en bagdør i windows på port 12378.

Jeg har selv modtaget tre i løbet af de sidste par dage, og vil gerne
advare vedkommende om at de var inficerede. Men de adresser der står i
headeren siger mig intet. Er der nogen der kan fortælle mig hvem
afsender er i denne header:

---
Return-Path: <aimcomm@intergate.ca>
Delivered-To: drebin@diku.dk
Received: (qmail 9956 invoked from network); 11 Mar 2002 19:26:48 -0000
Received: from unknown (HELO hermes.intergate.ca) (207.34.179.108)
by hugin.diku.dk with SMTP; 11 Mar 2002 19:26:48 -0000
Received: (qmail 37405 invoked by uid 1007); 11 Mar 2002 19:26:37 -0000
Received: from aimcomm@intergate.ca by hermes.intergate.ca with
qmail-scanner-0.93 (uvscan: v4.0.50/v4189. . Clean. Processed in
5.563105 secs); 11/03/2002 11:26:32
Received: from fat-dynamic6.fatwire.net (HELO pfuckie) (207.194.174.6)
by hermes.intergate.ca with SMTP; 11 Mar 2002 19:26:31 -0000
From: "Microsoft Corporation Security Center" <rdquest12@microsoft.com>
To: "Microsoft Customer" <'customer@yourdomain.com'>
Subject: Internet Security Update
Reply-To: <rdquest12@microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="NextPart_000235"
Parts/Attachments:
1 Shown ~63 lines Text
2 126 KB Application
---

Det ser ud som om det er "aimcomm@intergate.ca" men jeg kender ingen i
Canada og heller ikke dette firma siger mig noget. Anyone?

FUT: dk.edb.sikkerhed.virus

MVH Jacob

Søg
Reklame
Statistik
Spørgsmål : 177560
Tips : 31968
Nyheder : 719565
Indlæg : 6408942
Brugere : 218888

Månedens bedste
Årets bedste
Sidste års bedste