From: Marlon Borba Sent: Sunday, March 10, 2002 1:37 PM To: bugtraq@securityfocus.com Subject: Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update) <snip> Be careful with fake 'advisories' like this, specially if they come with an '.exe' attached. Cheers, Marlon. <snip forwarded mail> Indeed folks should be careful - this would be the result of the mass-mail vector propagated by W32/Gibe@MM-infected systems. This virus (which incidentally drops a Trojan backdoor when it is activated) was identified by the various AV vendors last week. NAI - http://vil.nai.com/vil/content/v_99377.htm Symantec - http://www.symantec.com/avcenter/venc/data/w32.gibe@mm.html Sophos - http://www.sophos.com/virusinfo/analyses/w32gibea.html F-Secure - http://www.europe.f-secure.com/v-descs/gibe.shtml Others - http://www.google.ca/search?q=W32%2FGibe@MM&hl=en&btnG=Google+Search&meta= Alex Arndt, GCIA "Within all order is the potential for chaos..."
