] [Thread Prev
Fw: [ VIRUS WARNING ] - Worm/Gibe - 03/12/2002
- To: "Yann Geron" <firstname.lastname@example.org>, email@example.com, "Wolf, Bill" <firstname.lastname@example.org>, "William Mcallister" <BILLYBUDDHA@webtv.net>, "Wayne Krantz" <email@example.com>, "Tony & Sid" <firstname.lastname@example.org>, "Tommy Curran" <email@example.com>, "Todd Klein" <firstname.lastname@example.org>, "Tina Jänicke" <email@example.com>, "The Virg" <firstname.lastname@example.org>, "The Grockis" <email@example.com>, "Tamburro, Vincenzo" <firstname.lastname@example.org>, "Susan Durfee" <email@example.com>, firstname.lastname@example.org, "Steve Greenfield" <email@example.com>, "Steve Durels" <firstname.lastname@example.org>, "STEPHAN Metzger" <email@example.com>, "Stephan Metzger" <firstname.lastname@example.org>, "Stanley Pinska" <email@example.com>, "Sean Portnoy" <firstname.lastname@example.org>, "Scott Rees" <email@example.com>, "Scott Lewis" <firstname.lastname@example.org>, "Russ Zack" <email@example.com>, "Robert Oliver" <firstname.lastname@example.org>, "Rick Walker (loop.pool)" <GLOBAL@cruzio.com>, "René G. Ceballos" <email@example.com>, Reaktorfirstname.lastname@example.org, "Proof 151" <email@example.com>, firstname.lastname@example.org, "Phil Marino" <email@example.com>, "Peter Acker" <firstname.lastname@example.org>, "Paul Fraser" <email@example.com>, "Patrick O'Donnell" <firstname.lastname@example.org>, "Nontecbabe" <Nontecbabe@aol.com>, "Nikki Santucci" <Nikki@geronlaw.com>, "Neil Kessner" <email@example.com>, "Neil Doherty" <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, "Mike Zaccaro" <firstname.lastname@example.org>, "Mike Levy" <MFLDVP@aol.com>, "Midge Nutman" <MNUTMAN@rosscohen.com>, "Michael Reynolds" <email@example.com>, "Michael Rao" <firstname.lastname@example.org>, "Michael Levy" <email@example.com>, "Michael LaMeyer" <firstname.lastname@example.org>, "Michael L. Pearson" <email@example.com>, firstname.lastname@example.org, "Matt Swenson" <email@example.com>, "Mary & Mike Lemoult" <firstname.lastname@example.org>, "Mario De Ciutiis" <email@example.com>, "Marcy Kaye" <firstname.lastname@example.org>, Madlove70@aol.com, LWawrzinek@aol.com, "Luis Bravo" <email@example.com>, "Lori Skjeveland" <Lori.A.Skjeveland@usa.xerox.com>, Loopers-Delight@loopers-delight.com, "Lisette Rodriguez" <Lissette@rhcrlaw.com>, "Lind, Jeffrey" <firstname.lastname@example.org>, "Lee Hopp" <Playbacksi@hotmail.com>, email@example.com, "Layne S. Frank" <firstname.lastname@example.org>, "Layne S Frank" <email@example.com>, "Lacardullo" <firstname.lastname@example.org>, "Kris Sookraj" <email@example.com>, "Koerner, Jonathan \[FI\]" <firstname.lastname@example.org>, "KEYS Cummings" <email@example.com>, "Kenny Lozano" <firstname.lastname@example.org>, "Kenneth Roko" <Kroko@superstructures.com>, "Ken Bob Skjeveland" <email@example.com>, "Kelly Chan" <firstname.lastname@example.org>, "Keith Cody" <email@example.com>, "Katrina Cockerham" <firstname.lastname@example.org>, "Karl Andren" <email@example.com>, "Karen Savage Goldman" <firstname.lastname@example.org>, "Julie Condy" <email@example.com>, "Josh Sinel" <firstname.lastname@example.org>, "Josh Goldman (E-mail)" <email@example.com>, "Josephine Ng" <firstname.lastname@example.org>, "JONNAMC" <JONNAMC@aol.com>, "John Margaritis" <email@example.com>, "John Kosa" <firstname.lastname@example.org>, "John Koerner" <email@example.com>, "John Kelly" <JKelly6045@aol.com>, "John Holston" <firstname.lastname@example.org>, "John Cahill" <email@example.com>, firstname.lastname@example.org, "Joanne S. Fryer" <Jsf22@aol.com>, email@example.com, JGregg8877@aol.com, "Jessica" <firstname.lastname@example.org>, "Jeremy Bier" <email@example.com>, "Jeff Reich" <firstname.lastname@example.org>, "JComp" <JComp@G2X.COM>, "Jason Sawyer (Electrix)" <email@example.com>, "Jane Porges" <firstname.lastname@example.org>, "Jack Heffernan" <Jackheff@aol.com>, "ira adler" <email@example.com>, firstname.lastname@example.org, "IK Multimedia Tech Support Staff" <email@example.com>, HarryEsq@aol.com, "Gregg Z. Bonura" <firstname.lastname@example.org>, "Gregg Winter" <email@example.com>, "Gregg Schenker" <firstname.lastname@example.org>, "Gregg Saver" <email@example.com>, "Greg Bonura" <firstname.lastname@example.org>, "Gordon Tapper" <email@example.com>, GMSDRUM@aol.com, "George Martel" <firstname.lastname@example.org>, email@example.com, "Frank Haines" <firstname.lastname@example.org>, FOREDRUMN@aol.com, "Firinn Taisdeal" <email@example.com>, firstname.lastname@example.org, "Erica Briggs" <email@example.com>, "Eric Reinken" <Reinken@erols.com>, "Eric Hirsch" <EHirsch@murrayhill.com>, firstname.lastname@example.org, email@example.com, "Doug Jones" <firstname.lastname@example.org>, "Doug Goldblatt" <email@example.com>, "Devine, Connie \[BUC/Danbury\]" <CDevine@bransonultrasonics.com>, "DeLucia, Darrin" <ddelucia@TULLIB.COM>, "DeBonis, Marie K. N." <MKNDeBonis@bingham.com>, "David J Ellis" <DavidEllis@aol.com>, "Dave Kanbar" <firstname.lastname@example.org>, "Dave & Robin Klein" <Willsjake@aol.com>, "Daniel Ash (work)" <email@example.com>, "Daniel Ash (home)" <firstname.lastname@example.org>, "Dan Oglevee" <email@example.com>, "Customer Service Email Team - Ohio" <CServeOH@kable.com>, "Customer Service" <firstname.lastname@example.org>, "Cubase Customer Support" <email@example.com>, "Cousin Nancy Alligood-Ellis" <firstname.lastname@example.org>, "Cornelius Curry" <email@example.com>, "Connie Rossi" <firstname.lastname@example.org>, "Clifford@BienAppraisers" <email@example.com>, "Cheryl Medford" <firstname.lastname@example.org>, "Cecile P Tucci" <email@example.com>, CCarlson@bransonultrasonics.com, "Carol Lynn Smith" <firstname.lastname@example.org>, Bvila@aol.com, "Bruce Bronson" <email@example.com>, "Brian Smalley" <firstname.lastname@example.org>, "Brian Cummings" <Brian_Cummings@yahoo.com>, "Bobby DEAL Seidenberg" <MRBLUE1111@aol.com>, "Bobby Boy Cummings" <email@example.com>, firstname.lastname@example.org, "Bob Tolve" <email@example.com>, "Bob (home e mail) Cummings" <firstname.lastname@example.org>, email@example.com, "Bill Cummings" <firstname.lastname@example.org>, "Bill Cummings" <email@example.com>, "Bennett Killmer" <firstname.lastname@example.org>, email@example.com, "Barbara Gregory" <firstname.lastname@example.org>, "Barbara Eisenstadt" <Beisenstadt@murrayhill.com>, "Barbara Edelman" <email@example.com>, "Artie Shear" <firstname.lastname@example.org>, "AMY" <email@example.com>, "Aldo Mazza" <firstname.lastname@example.org>, email@example.com, "Adam Lauzar" <firstname.lastname@example.org>
- From: email@example.com
- Subject: Fw: [ VIRUS WARNING ] - Worm/Gibe - 03/12/2002
- Date: Tue, 12 Mar 2002 12:20:22 -0600
URGENT, Don't open this attachment if you get it. It is a virus disguised
a Security Update from MICROSOFT. I received it 3X this morning 3/12/02. It
ISW NOT A LEGITIMATE SECURITY UPDATE FROM MICROSOFT. Do not open and run
attachment. Delete the e-mail and all of it's contents. Thank you for
Worm/Gibe is an Internet worm that attempts to spread through e-mail by
using addresses it collects in the Microsoft Outlook Address Book. It
disguises itself as a legitimate Microsoft Security Update.
----- Original Message -----
From: "Central Command News" <firstname.lastname@example.org>
Sent: Tuesday, March 12, 2002 7:19 AM
Subject: [ VIRUS WARNING ] - Worm/Gibe - 03/12/2002
> CENTRALCOMMAND.COM Newsletter
> Without us, there's no defense.T
> You are receiving this news letter because you are a subscriber
> to the Central Command News mailing list.
> **| DON'T WAIT TO BE A VIRUS VICTIM! |**
> Another virus outbreak can happen anytime! Don't wait to be a
> victim of a computer virus attack, get Vexira Antivirus today.
> Vexira Antivirus starts at only $49.95! Buy now:
> Central Command is issuing a VIRUS WARNING for Worm/Gibe due to
> increased virus reports to our technical support department.
> Central Command discovered this Internet worm on March 4, 2002
> and Vexira Antivirus has been updated to detect and stop this
> Internet worm.
> Name: Worm/Gibe
> Alias: Win32.Gibe@mm
> Type: Internet Worm
> Discovered: 04-03-2002
> Size: ~122.9KB
> ITW: Yes
> Worm/Gibe is an Internet worm that attempts to spread through
> e-mail by using addresses it collects in the Microsoft Outlook
> Address Book. It disguises itself as a legitimate Microsoft
> Security Update.
> The worm would arrive through e-mail in the following format:
> Subject: Internet Security Update
> Body: Microsoft Customer,
> this is the latest version of security update, the update which
> eliminates all known security vulnerabilities affecting Internet
> Explorer and MS Outlook/Express as well as six new
> vulnerabilities, and is discussed in Microsoft Security Bulletin
> MS02-005. Install now to protect your computer from these
> vulnerabilities, the most serious of which could allow an
> attacker to run code on your computer.
> Description of several well-know vulnerabilities:
> - "Incorrect MIME Header Can Cause IE to Execute E-mail
> Attachment" vulnerability. If a malicious user sends an affected
> HTML e-mail or hosts an affected e-mail on a Web site, and a user
> opens the e-mail or visits the Web site, Internet Explorer
> automatically runs the executable on the user's computer.
> - A vulnerability that could allow an unauthorized user to learn
> the location of cached content on your computer. This could
> enable the unauthorized user to launch compiled HTML Help (.chm)
> files that contain shortcuts to executables, thereby enabling the
> unauthorized user to run the executables on your computer.
> - A new variant of the "Frame Domain Verification" vulnerability
> could enable a malicious Web site operator to open two browser
> windows, one in the Website's domain and the other on your local
> file system, and to pass information from your computer to the
> Web site.
> - CLSID extension vulnerability. Attachments which end with a
> CLSID file extension do not show the actual full extension of the
> file when saved and viewed with Windows Explorer. This allows
> dangerous file types to look as though they are simple, harmless
> files - such as JPG or WAV files - that do not need to be
> System requirements:
> Versions of Windows no earlier than Windows 95.
> This update applies to:
> Versions of Internet Explorer no earlier than 4.01
> Versions of MS Outlook no earlier than 8.00
> Versions of MS Outlook Express no earlier than 4.01
> How to install:
> Run attached file q216309.exe
> How to use:
> You don't need to do anything after installing this item.
> For more information about these issues, read Microsoft Security
> Bulletin MS02-005, or visit link below....
> If you have some questions about this article contact us at
> Thank you for using Microsoft products.
> With friendly greetings,
> MS Internet Security Center.
> Attachment: q216309.exe
> Read a full virus description by clicking the link below:
> [ Subscription information ]
> Central Command, Inc. respects your online privacy. You at anytime
> can easily remove your e-mail address from the Central Command mailing
> list by entering in your e-mail address at the following web page:
> You will receive a confirmation message about your successful
> removal from News.
> [ Legal Notice and Disclaimer ]
> THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.
> Disclaimer of warranties and limitation of liability
> This information is provided by Central Command, Inc. on an "AS IS"
> and "AS AVAILABLE" basis. Central Command, Inc. makes no
> representations or warranties of any kind, express or implied, as to
> the information, content, materials, or products included, or
> mentioned within this information bulletin. You expressly agree that
> your use of this information is at your sole risk. The user assumes
> the entire risk as to the accuracy and the use of this document.
> To the full extent permissible by applicable law, Central Command,
> Inc. disclaims all warranties, express or implied, including, but
> not limited to, implied warranties of merchantability and fitness
> for a particular purpose and freedom from infringement. Central
> Command, Inc. does not warrant that this information is accurate.
> Central Command, Inc. will not be liable for any damages of any kind
> arising from the use of this information, including, but not limited
> to direct, indirect, incidental, punitive, and consequential
> Certain state laws do not allow limitations on implied warranties or
> the exclusion or limitation of certain damages. if these laws apply
> to you, some or all of the above disclaimers, exclusions, or
> limitations may not apply to you, and you might have additional
> [ Copyrights and Trademarks ]
> Central Command, PerfectSupport, EVRT, Emergency Virus Response
> Team, Virus Protection for the Real World, Without us, there's no
> defense. are trademarks of Central Command Inc. All other
> trademarks, trade name and product names are property of their
> respective owners. Copyright © 2000, 2001, 2002 Central Command
> Inc. All rights reserved.