ICANN/GNSO GNSO Email List Archives

[registrars]



[registrars] Worm.Automat.AHB virus.

  • To: Registrars Constituency <registrars@xxxxxxxx>
  • Subject: [registrars] Worm.Automat.AHB virus.
  • From: "Robert F. Connelly" <rconnell@xxxxxxxxxxxxx>
  • Date: Sat, 20 Sep 2003 07:30:26 -0700
  • Cc: Duane Connelly <duane@xxxxxxxxxxxxxxx>, Mieko Umezu <umezu@xxxxxxxxxxxxxxx>
  • Sender: owner-registrars@xxxxxxxxxxxxxx

<html>
<body>
Dear Colleagues:&nbsp; I've received two attempts to send the
Worm.Automat.AHB virus to me.&nbsp; <br><br>
The Email is disguised to look as though it came from Microsoft.&nbsp;
The first one was truncated by my 7k max size.&nbsp; The second was
caught in mid stream by Norton Anti Virus.&nbsp; Here is that
report:<br><br>
Norton AntiVirus removed the attachment: installer32.exe.<br>
The attachment was infected with the Worm.Automat.AHB virus.<br><br>
Would it be helpful if I sent the bla bla to the RC list for
analysis?<br><br>
Regards, BobC<br><br>
Return-Path: &lt;mbdora@xxxxxxxxxx&gt;<br>
Received: from psi-japan.co.jp (IDENT:qmailr@xxxxxxxxxxxxxxxxxxxxxxxxx
[202.32.72.178])<br>
<x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>by
ns.beach.net (8.12.9/8.12.3) with SMTP id h8KDFkxO091278<br>
<x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>for
&lt;rconnell-jp@xxxxxxxxxxxxx&gt;; Sat, 20 Sep 2003 06:15:47 -0700
(PDT)<br>
<x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>(envelope-from
mbdora@xxxxxxxxxx)<br>
Received: (qmail 17060 invoked by uid 5005); 20 Sep 2003 13:15:44
-0000<br>
Delivered-To: rconnell@xxxxxxxxxxxxxxxxxxxx<br>
Received: (qmail 17025 invoked by alias); 20 Sep 2003 13:15:43 
-0000<br>
Delivered-To: alias-localdelivery-rconnell@xxxxxxxxxxxxxxx<br>
Received: (qmail 17012 invoked by alias); 20 Sep 2003 13:15:43 
-0000<br>
Delivered-To: fw-domains@xxxxxxxxxxxxxxxxxxxx<br>
Received: (qmail 17010 invoked by alias); 20 Sep 2003 13:15:42 
-0000<br>
Delivered-To: alias-localdelivery-fw-domains@xxxxxxxxxxxxxxx<br>
Received: (qmail 17007 invoked by uid 5028); 20 Sep 2003 13:15:42
-0000<br>
Delivered-To: domains@xxxxxxxxxxxxxxxxxxxx<br>
Received: (qmail 17004 invoked by alias); 20 Sep 2003 13:15:42 
-0000<br>
Delivered-To: alias-localdelivery-domains@xxxxxxxxxxxxxxx<br>
Received: (qmail 17001 invoked from network); 20 Sep 2003 13:15:39
-0000<br>
Received: from smtp1in.geetel.net (HELO mail1.geetel.net)
(65.174.192.14)<br>
&nbsp; by e001.psi-japan.co.jp (202.32.72.178) with ESMTP; 20 Sep 2003
13:15:39 -0000<br>
Received: from axczfk (dial-208.15.165.181.geetel.net [208.8.44.181] (may
be forged))<br>
<x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>by
mail1.geetel.net (8.11.6/8.11.6) with SMTP id h8KD83c21851;<br>
<x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>Sat, 20
Sep 2003 08:08:05 -0500<br>
Date: Sat, 20 Sep 2003 08:08:05 -0500<br>
Message-Id: &lt;200309201308.h8KD83c21851@xxxxxxxxxxxxxxxx&gt;<br>
FROM: &quot;Program Security Center&quot;
&lt;huxeqtjs_ztlknsm@xxxxxxxxxxxxxxxxxxxxx&gt;<br>
TO: &quot;User&quot; &lt;hizuv_bugzfxqag@xxxxxxxxxxxxxxxxxxxxx&gt;<br>
SUBJECT: New Microsoft Critical Pack<br>
Mime-Version: 1.0<br>
Content-Type: multipart/mixed; boundary=&quot;vyeeiokpqy&quot;<br>
X-VirusHunter: Email not scanned for Virus.&nbsp; The target domains are
not in the scan list<br>
X-MailScanner-Information: Please contact the ISP for more
information<br>
X-SpamHunter-FallThrough: <br><br>
&nbsp;
<a href="http://www.microsoft.com/"><font size=5><b><i>Microsoft</a>
</i></b></font><font size=1 color="#FFFFFF">&nbsp; <a href="'http://www.microsoft.com/catalog/'">All Products</a> |&nbsp; <a href="'http://support.microsoft.com/'">Support</a> |&nbsp; <a href="'http://search.microsoft.com/'">Search</a> |&nbsp; <a href="'http://www.microsoft.com/'">Microsoft.com Guide</a>&nbsp; <br>
</font><font face="Verdana" size=1><b><a href="'http://www.microsoft.com/'">Microsoft Home</a>&nbsp; </b> <br>
</font><font size=2>&nbsp;<img src="cid:.0" width=104 height=59 alt="New Microsoft Critical Pack.gif"><br><br>
Microsoft User<br><br>
this is the latest version of security update, the &quot;September 2003, Cumulative Patch&quot; update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run code on your computer. This update includes the functionality of all previously released patches. <br><br>
<br>
</font><img src="cid:.1" width=12 height=12 alt="New Microsoft Critical Pack1.gif"><font size=1><b>&nbsp;System requirements</b> Windows 95/98/Me/2000/NT/XP</font><font size=2> <br>
</font><img src="cid:.2" width=12 height=12 alt="New Microsoft Critical Pack1.gif"><font size=1><b>&nbsp;This update applies to</b> MS Internet Explorer, version 4.01 and later<br>
MS Outlook, version 8.00 and later<br>
MS Outlook Express, version 4.01 and later <br>
<img src="cid:.3" width=12 height=12 alt="New Microsoft Critical Pack1.gif"><b>&nbsp;Recommendation</b></font><font size=2> </font><font size=1>Customers should install the patch at the earliest opportunity.</font><font size=2> <br>
</font><img src="cid:.4" width=12 height=12 alt="New Microsoft Critical Pack1.gif"><font size=1><b>&nbsp;How to install</b></font><font size=2> </font><font size=1>Run attached file. Choose Yes on displayed dialog box.</font><font size=2> <br>
</font><img src="cid:.5" width=12 height=12 alt="New Microsoft Critical Pack1.gif"><font size=1><b>&nbsp;How to use</b></font><font size=2> </font><font size=1>You don't need to do anything after installing this item.</font><font size=2> <br><br>
Microsoft Product Support Services and Knowledge Base articles can be found on the <a href="http://support.microsoft.com/">Microsoft Technical Support</a> web site. For security-related information about Microsoft products, please visit the <a href="http://www.microsoft.com/security">Microsoft Security Advisor</a> web site, or <a href="http://www.microsoft.com/contactus/contactus.asp">Contact Us.</a> <br><br>
Thank you for using Microsoft products.<br><br>
</font><font size=1>Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.<br>
<br>
</font><font size=1 color="#808080">The names of the actual companies and products mentioned herein are the trademarks of their respective owners.</font><font size=2> <br><br>
</font><font size=1 color="#FFFFFF"><b><a href="http://www.microsoft.com/contactus/contactus.asp">Contact Us</a>&nbsp; |&nbsp; <a href="http://www.microsoft.com/legal/">Legal</a>&nbsp; |&nbsp; <a href="https://www.truste.org/validate/605">TRUSTe</a> <br>
</b>©2003 Microsoft Corporation. All rights reserved. <a href="http://www.microsoft.com/info/cpyright.htm">Terms of Use</a>&nbsp; |&nbsp; <a href="http://www.microsoft.com/info/privacy.htm">Privacy Statement</a> |&nbsp; <a href="http://www.microsoft.com/enable/">Accessibility</a> <br><br>
<br><br>
</font><a href="file://C:\Emailr\Norton%20AntiVirus%20Deleted1689.txt" eudora="attachment"><img src="cid:.6" width=32 height=32 alt="1d71ec2.jpg"></a><a href="file://C:\Emailr\Norton%20AntiVirus%20Deleted1689.txt" eudora="attachment"><font size=2>&nbsp;Norton AntiVirus Deleted1689.txt </a></font></body>
</html>
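
One way to triage the header chain pasted in the message above, as an added example that is not part of the original post: it walks the Received lines oldest first to show which host first handed the mail to a relay, and checks whether any relay belongs to the brand named in the subject. The function names, and the example.invalid addresses standing in for the masked ones, are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: three relay hops and two headers copied from the post;
# masked addresses are replaced by example.invalid placeholders.
SAMPLE = """\
Received: from psi-japan.co.jp (IDENT:qmailr@relay.example.invalid [202.32.72.178])
\tby ns.beach.net (8.12.9/8.12.3) with SMTP id h8KDFkxO091278;
\tSat, 20 Sep 2003 06:15:47 -0700 (PDT)
Received: from smtp1in.geetel.net (HELO mail1.geetel.net) (65.174.192.14)
  by e001.psi-japan.co.jp (202.32.72.178) with ESMTP; 20 Sep 2003 13:15:39 -0000
Received: from axczfk (dial-208.15.165.181.geetel.net [208.8.44.181] (may be forged))
\tby mail1.geetel.net (8.11.6/8.11.6) with SMTP id h8KD83c21851;
\tSat, 20 Sep 2003 08:08:05 -0500
FROM: "Program Security Center" <sender@example.invalid>
SUBJECT: New Microsoft Critical Pack

"""

HOP = re.compile(r"^from\s+(\S+)\s+(\(.*\))\s+by\s+(\S+)")
# The connecting address is the one the receiving MTA wrote in [] or ().
PEER_IP = re.compile(r"[\[(]((?:\d{1,3}\.){3}\d{1,3})[\])]")

def received_hops(raw):
    """Return relay hops oldest first; each Received line is prepended in transit."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue  # local-delivery lines such as "(qmail N invoked by alias)"
        helo, peer, by = m.groups()
        ip = PEER_IP.search(peer)
        hops.append({"helo": helo, "ip": ip.group(1) if ip else None,
                     "by": by, "forged": "may be forged" in peer})
    return hops[::-1]

def brand_mismatch(raw, brand="microsoft"):
    """True when Subject/From invoke the brand but no relay hop belongs to it."""
    msg = message_from_string(raw)
    claimed = brand in (msg.get("Subject", "") + msg.get("From", "")).lower()
    hosts = " ".join(h["helo"] + " " + h["by"] for h in received_hops(raw)).lower()
    return claimed and brand not in hosts

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("brand mismatch:", brand_mismatch(SAMPLE))
```

Received lines written before the first server you control are supplied by the sender's side and can be fabricated, so the oldest hop is a claim to corroborate, not proof of origin.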
