|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Application developers can seamlessly integrate the Advantage Database install with their application install. Learn the best practices used when setting up silent installs with this seminar. |
|
#1
September 10th, 2003, 05:42 PM
|
||||
|
||||
Warning: Patch256.exe (Likely Virus)
I have received an e-mail with the attached file "patch256.exe". The e-mail claims to be from "MS Network Security Section" and appears to be from a spoofed e-mail address (gzgqvxmflv_632167@iPEIRCM.com). The text of the e-mail can be had here.
I am unfamiliar with this particular virus/hoax. Can anyone confirm this is new? I am without my Linux box, so I cannot do anything with this file. If anyone wants me to e-mail a copy of it to them, PM me with the e-mail address. Last edited by Ctb : September 10th, 2003 at 05:51 PM.
|
|
#2
September 10th, 2003, 06:34 PM
|
||||
|
||||
|
A few things that stand out about the text of the email.
A) Microsoft never mails out security advisories with attached patches. B) Whenever Microsoft releases a patch, they provide a direct link to their site that contains specific details about the patch and what it fixes. This is missing. C) Though much better than most, the grammar in this text is not entirely correct - almost always a dead give away. Gonna PM Ctb for the file and will run it through the virus scanner.
|
|
#3
September 10th, 2003, 06:40 PM
|
|||
|
|||
|
I just got an email from my ISP support warning about a couple new viruses that are rumored to be released tomorrow 9/11
Maybe you are a beta?  As raklet said, MS will never send around an executable via email.
|
|
#4
September 10th, 2003, 06:53 PM
|
||||
|
||||
|
Raklet -
Sent you a forward of the whole e-mail. Note the Return-Path: in the headers appears to be a valid e-mail address at tijd.com I've posted this to a MS Security Forum just in case it is new... but I'm hoping I'm wrong or tomorrow could be a veeerrryyyy bad day for me.
|
|
#5
September 10th, 2003, 07:20 PM
|
||||
|
||||
|
The file is a virus.
W32.Gibe.B@mm Quick summary from Symantec with link to follow: Wild: Low Damage: Low Distribution: High Payload is large scale emailing Displays a fake message claiming to be from Microsoft. Copies itself to multiple system and registry locations. Can spread through email, Kazaa, mIRC, and mapped network drives. Can be removed through virus scan. Doesn't appear to need special removal tool. Full Details: http://securityresponse.symantec.co....gibe.b@mm.html
|
|
#6
September 10th, 2003, 08:40 PM
|
||||
|
||||
|
Excellent work - thanks raklet!
I don't worry about recognized viruses because I rarely get a Windows virus in my e-mail, but I didn't recognize this one right away. Normally, that means it's new or it's distribution is on the rise. I guess I just got a false alarm on that one. As for 9/11, I'd expect a new round of SoBig to take off tomorrow. The current version expired today.
|
|
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Warning: Patch256.exe (Likely Virus) |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
|
 |
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
