The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> System Administration
> Antivirus Protection
|
Warning: Patch256.exe (Likely Virus)
Discuss Warning: Patch256.exe (Likely Virus) in the Antivirus Protection forum on Dev Shed.
Warning: Patch256.exe (Likely Virus) Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.
|
|
 |
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
September 10th, 2003, 05:42 PM
|
 |
An Ominous Coward
|
|
|
|
Warning: Patch256.exe (Likely Virus)
I have received an e-mail with the attached file "patch256.exe". The e-mail claims to be from "MS Network Security Section" and appears to be from a spoofed e-mail address (gzgqvxmflv_632167@iPEIRCM.com). The text of the e-mail can be had here.
I am unfamiliar with this particular virus/hoax. Can anyone confirm this is new?
I am without my Linux box, so I cannot do anything with this file. If anyone wants me to e-mail a copy of it to them, PM me with the e-mail address.
Last edited by Ctb : September 10th, 2003 at 05:51 PM.
|
September 10th, 2003, 06:34 PM
|
 |
Perl Hacker turned Farmer
|
|
Join Date: Aug 2003
Location: Idaho Boondocks
|
|
|
A few things that stand out about the text of the email.
A) Microsoft never mails out security advisories with attached patches.
B) Whenever Microsoft releases a patch, they provide a direct link to their site that contains specific details about the patch and what it fixes. This is missing.
C) Though much better than most, the grammar in this text is not entirely correct - almost always a dead give away.
Gonna PM Ctb for the file and will run it through the virus scanner.
|
September 10th, 2003, 06:40 PM
|
|
|
I just got an email from my ISP support warning about a couple new viruses that are rumored to be released tomorrow 9/11
Maybe you are a beta? 
As raklet said, MS will never send around an executable via email.
|
September 10th, 2003, 06:53 PM
|
|
An Ominous Coward
|
|
|
|
|
Raklet -
Sent you a forward of the whole e-mail. Note the Return-Path: in the headers appears to be a valid e-mail address at tijd.com
I've posted this to a MS Security Forum just in case it is new... but I'm hoping I'm wrong or tomorrow could be a veeerrryyyy bad day for me.
|
September 10th, 2003, 07:20 PM
|
|
Perl Hacker turned Farmer
|
|
Join Date: Aug 2003
Location: Idaho Boondocks
|
|
The file is a virus.
W32.Gibe.B@mm
Quick summary from Symantec with link to follow:
Wild: Low
Damage: Low
Distribution: High
Payload is large scale emailing
Displays a fake message claiming to be from Microsoft.
Copies itself to multiple system and registry locations.
Can spread through email, Kazaa, mIRC, and mapped network drives.
Can be removed through virus scan. Doesn't appear to need special removal tool.
Full Details:
http://securityresponse.symantec.co....gibe.b@mm.html
|
September 10th, 2003, 08:40 PM
|
|
An Ominous Coward
|
|
|
|
|
Excellent work - thanks raklet!
I don't worry about recognized viruses because I rarely get a Windows virus in my e-mail, but I didn't recognize this one right away. Normally, that means it's new or it's distribution is on the rise. I guess I just got a false alarm on that one.
As for 9/11, I'd expect a new round of SoBig to take off tomorrow. The current version expired today.
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
