URGENT, Don't open this attachment if you get it. It is a virus disguised as a Security Update from MICROSOFT. I received it 3X this morning 3/12/02. It ISW NOT A LEGITIMATE SECURITY UPDATE FROM MICROSOFT. Do not open and run the attachment. Delete the e-mail and all of it's contents. Thank you for listening !!! BC Description: ------------ Worm/Gibe is an Internet worm that attempts to spread through e-mail by using addresses it collects in the Microsoft Outlook Address Book. It disguises itself as a legitimate Microsoft Security Update. ----- Original Message ----- From: "Central Command News" <firstname.lastname@example.org> To: <email@example.com> Sent: Tuesday, March 12, 2002 7:19 AM Subject: [ VIRUS WARNING ] - Worm/Gibe - 03/12/2002 > > CENTRALCOMMAND.COM Newsletter > Without us, there's no defense.T > > You are receiving this news letter because you are a subscriber > to the Central Command News mailing list. > > **| DON'T WAIT TO BE A VIRUS VICTIM! |** > Another virus outbreak can happen anytime! Don't wait to be a > victim of a computer virus attack, get Vexira Antivirus today. > Vexira Antivirus starts at only $49.95! Buy now: > http://store.centralcommand.com > > Central Command is issuing a VIRUS WARNING for Worm/Gibe due to > increased virus reports to our technical support department. > Central Command discovered this Internet worm on March 4, 2002 > and Vexira Antivirus has been updated to detect and stop this > Internet worm. > > Details: > > Name: Worm/Gibe > Alias: Win32.Gibe@mm > Type: Internet Worm > Discovered: 04-03-2002 > Size: ~122.9KB > ITW: Yes > > Description: > > Worm/Gibe is an Internet worm that attempts to spread through > e-mail by using addresses it collects in the Microsoft Outlook > Address Book. It disguises itself as a legitimate Microsoft > Security Update. > > The worm would arrive through e-mail in the following format: > > Subject: Internet Security Update > > Body: Microsoft Customer, > > this is the latest version of security update, the update which > eliminates all known security vulnerabilities affecting Internet > Explorer and MS Outlook/Express as well as six new > vulnerabilities, and is discussed in Microsoft Security Bulletin > MS02-005. Install now to protect your computer from these > vulnerabilities, the most serious of which could allow an > attacker to run code on your computer. > > Description of several well-know vulnerabilities: > > - "Incorrect MIME Header Can Cause IE to Execute E-mail > Attachment" vulnerability. If a malicious user sends an affected > HTML e-mail or hosts an affected e-mail on a Web site, and a user > opens the e-mail or visits the Web site, Internet Explorer > automatically runs the executable on the user's computer. > > - A vulnerability that could allow an unauthorized user to learn > the location of cached content on your computer. This could > enable the unauthorized user to launch compiled HTML Help (.chm) > files that contain shortcuts to executables, thereby enabling the > unauthorized user to run the executables on your computer. > > - A new variant of the "Frame Domain Verification" vulnerability > could enable a malicious Web site operator to open two browser > windows, one in the Website's domain and the other on your local > file system, and to pass information from your computer to the > Web site. > > - CLSID extension vulnerability. Attachments which end with a > CLSID file extension do not show the actual full extension of the > file when saved and viewed with Windows Explorer. This allows > dangerous file types to look as though they are simple, harmless > files - such as JPG or WAV files - that do not need to be > blocked. > > System requirements: > Versions of Windows no earlier than Windows 95. > > This update applies to: > Versions of Internet Explorer no earlier than 4.01 > Versions of MS Outlook no earlier than 8.00 > Versions of MS Outlook Express no earlier than 4.01 > > How to install: > Run attached file q216309.exe > > How to use: > > You don't need to do anything after installing this item. > > For more information about these issues, read Microsoft Security > Bulletin MS02-005, or visit link below.... > > If you have some questions about this article contact us at > firstname.lastname@example.org > > Thank you for using Microsoft products. > > With friendly greetings, > MS Internet Security Center. > > Attachment: q216309.exe > > Read a full virus description by clicking the link below: > http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.ph p?p_refno=020304-000001 > > > [ Subscription information ] > > Central Command, Inc. respects your online privacy. You at anytime > can easily remove your e-mail address from the Central Command mailing > list by entering in your e-mail address at the following web page: > http://www.centralcommand.com/unsubscribe.html > > You will receive a confirmation message about your successful > removal from News. > > [ Legal Notice and Disclaimer ] > > THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. > > Disclaimer of warranties and limitation of liability > > This information is provided by Central Command, Inc. on an "AS IS" > and "AS AVAILABLE" basis. Central Command, Inc. makes no > representations or warranties of any kind, express or implied, as to > the information, content, materials, or products included, or > mentioned within this information bulletin. You expressly agree that > your use of this information is at your sole risk. The user assumes > the entire risk as to the accuracy and the use of this document. > > To the full extent permissible by applicable law, Central Command, > Inc. disclaims all warranties, express or implied, including, but > not limited to, implied warranties of merchantability and fitness > for a particular purpose and freedom from infringement. Central > Command, Inc. does not warrant that this information is accurate. > Central Command, Inc. will not be liable for any damages of any kind > arising from the use of this information, including, but not limited > to direct, indirect, incidental, punitive, and consequential > damages. > > Certain state laws do not allow limitations on implied warranties or > the exclusion or limitation of certain damages. if these laws apply > to you, some or all of the above disclaimers, exclusions, or > limitations may not apply to you, and you might have additional > rights. > > [ Copyrights and Trademarks ] > > Central Command, PerfectSupport, EVRT, Emergency Virus Response > Team, Virus Protection for the Real World, Without us, there's no > defense. are trademarks of Central Command Inc. All other > trademarks, trade name and product names are property of their > respective owners. Copyright © 2000, 2001, 2002 Central Command > Inc. All rights reserved.