Erik van Straten reported receiving a spoofed email that led to a spoofed Microsoft site, which downloaded a trojan along with instructions to run it to patch your system. The site, www.microsoft-security-updates.com, is NOT a Microsoft site.
This gets redirected to http://d558597.u25.surftown.com/mstasks.exe
mstasks.exe is identified by Symantec/Norton AntiVirus beta definitions as "Trojan.Etsur".
Repeat after me: Unless you subscribe to their email security notification service, Microsoft's policy is not to send notification of vulnerabilities. They never send patches in email to users.
A new polymorphic virus has been reported by Network Associates.
W32/Polybot.gen!irc is a polymorphic variant of the w32/gaobot worm. It encrypts itself, which may allow it to go undetected by antivirus software. Currently NA lists it as a low risk. It spreads through shares and can use vulnerabilities described in Microsoft Security Bulletins, including MS03-026. Ports 80, 135, 139, 445 or 593 are all possibly affected by that vulnerability. A new variant of this virus family has been discovered that uses the filename soundman.exe.
For Network Associates' full writeup see:
We received one report of a virus using a picture file format (bmp) to provide the password. Several antivirus systems include the ability to pull passwords out of the email text and decrypt the zip file, finding the virus in a passworded zip (bagle.pwdzip). Using bitmaps or other image file formats will make it more difficult for antivirus vendors to extract the password. This password-in-a-picture method has been used by other systems to prevent automated abuse.
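A mail-gateway check for the pattern described above, as an added example that is not part of the original diary entry: it flags messages carrying a zip with encrypted members and notes when an image part accompanies it, since scraping the password from the body text would fail there. The function names and the constructed sample message are assumptions for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

def has_encrypted_member(data: bytes) -> bool:
    """True if any zip member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def classify(raw: bytes) -> str:
    """Return 'clean', 'encrypted-zip' or 'encrypted-zip+image' for one message."""
    enc_zip = image = False
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "image":
            image = True  # the password may be rendered here, out of reach of text scraping
        elif payload.startswith(b"PK\x03\x04") and has_encrypted_member(payload):
            enc_zip = True  # judged by content, not by filename or MIME type
    if enc_zip and image:
        return "encrypted-zip+image"
    return "encrypted-zip" if enc_zip else "clean"

def sample_message(encrypted: bool, with_image: bool) -> bytes:
    """Constructed sample: a harmless zip whose 'encrypted' flag is optionally set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.txt", b"constructed sample")
    z = bytearray(buf.getvalue())
    if encrypted:
        z[6] |= 1                                # flags in the local file header
        cd = int.from_bytes(z[-6:-2], "little")  # central directory offset from EOCD
        z[cd + 8] |= 1                           # flags in the central directory entry
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip", filename="a.zip")
    if with_image:
        msg.add_attachment(b"BM" + bytes(52), maintype="image", subtype="bmp", filename="p.bmp")
    return msg.as_bytes()
```

A message classified as `encrypted-zip+image` is a candidate for quarantine or manual review, because the archive cannot be opened and scanned automatically.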
Mar 17th 2004