Hi,

The following links provide further details:

http://www.theregister.co.uk/content/56/32925.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

Regards
Lee

--
Lee Evans

> -----Original Message-----
> From: Mail [mailto:mail@Gnome.CA] On Behalf Of Bruno Clermont
> Sent: 19 September 2003 15:57
> To: bugtraq@securityfocus.com
> Subject: Wave of fake Official Microsoft Advisory
>
> Since this morning I have been seeing tons of fake Microsoft
> Advisories by mail. They contain a .exe attachment.
>
> Running strings(1) on the file shows it contains its own HTML
> mail source (and other versions of the advisory), and much of
> the stuff it tries to do:
>
> - Increment a web counter "GET http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006 HTTP/1.0"
> - query a POP3 account at ww2.fce.vutbr.cz
> - retrieve stuff from a newsgroup and post a message
> - modify mIRC configuration
> - alter some Kazaa registry keys
> - probably more stuff in all the encoded content
>
> The mail really looks like an official Microsoft communication,
> with all those legal references to the microsoft.com website.
>
> At the rate those mails are coming, many users had already been
> fooled, and infection had just started.
>
> Some of the original mails (with .exe attachment) are available
> in mbox format at http://www.gnome.ca/ms.mbox.
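
A defender-side triage example for mail of the kind this thread describes, added here and not part of either poster's message: it scans an mbox file for messages that claim Microsoft origin and carry an executable attachment. The extension list, the function names and the two sample messages are constructed assumptions.

```python
import mailbox
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: extensions treated as directly executable on Windows.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")

def executable_attachments(msg):
    """Return attachment filenames whose extension is in EXEC_EXT."""
    return [p.get_filename() for p in msg.walk()
            if p.get_filename() and p.get_filename().lower().endswith(EXEC_EXT)]

def triage(mbox_path):
    """Flag messages that claim Microsoft origin and carry an executable."""
    findings = []
    for msg in mailbox.mbox(mbox_path):
        display, addr = parseaddr(str(msg.get("From", "")))
        subject = str(msg.get("Subject", ""))
        domain = addr.rpartition("@")[2].lower()
        names = executable_attachments(msg)
        if names and "microsoft" in f"{display} {subject}".lower():
            findings.append({
                "subject": subject,
                "sender_domain": domain,
                # From is trivially spoofed, so a match is not proof of origin.
                "domain_mismatch": not (domain == "microsoft.com"
                                        or domain.endswith(".microsoft.com")),
                "attachments": names,
            })
    return findings

def build_sample_mbox(path):
    """Write a constructed two-message mbox: one lure, one ordinary mail."""
    lure = EmailMessage()
    lure["From"] = "Microsoft Security Center <advisory@mail.example>"
    lure["Subject"] = "Latest Security Update"
    lure.set_content("Constructed sample body.")
    lure.add_attachment(b"constructed placeholder, not a real binary",
                        maintype="application", subtype="octet-stream",
                        filename="Update.EXE")
    plain = EmailMessage()
    plain["From"] = "Alice <alice@corp.example>"
    plain["Subject"] = "Meeting notes"
    plain.set_content("Notes attached.")
    plain.add_attachment("agenda", filename="notes.txt")
    box = mailbox.mbox(path)
    box.add(lure)
    box.add(plain)
    box.close()
```

Call `build_sample_mbox(path)` to create the constructed test file, then `triage(path)`; only the lure message is returned, with the extension match being case-insensitive.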