Fake Microsoft Email contain Virus (swenAworm)

[EricB]

I was just reading about this in a pc magazine about this and it happen to me. luckily my nod32 caught it in time.

here the so called message from MS with the win32 swen A worm

Microsoft Customer

this is the latest version of security update, the "September 2005, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an malicious user to run code on your computer. This update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

remember MS will never send you an update in an email

 

[Osiris]

Can you possibly send me the link for testing pruposes. I want to see exactly what this will do.

 

[EricB]

I deleted it. I'm trying to see if I can find it in nod32

 

[EricB]

this is the best that I could find of it

Time Module Object Name Threat Action User Information
9/19/2005 3:30:15 AM AMON file C:\Documents and Settings\ Lockett\Local Settings\Application Data\IM\Runtime\Message\{94C98FCF-C7A7-4D6B-8D2F-F9FD940F4DD8}\Show\cpbkjzl1.pif Win32/Swen.A worm quarantined - deleted DFI\ Lockett Event occurred on a new file created by the application: C:\PROGRA~1\INCRED~1\bin\IncMail.exe. The file was moved to quarantine. You may close this window.
9/19/2005 3:26:27 AM AMON file C:\Documents and Settings\ Lockett\Local Settings\Application Data\IM\Identities\{42CCF6EC-6036-46AB-B3AB-257D5C2E3D9A}\Message Store\Attachments\Patch7125.exe Win32/Swen.A worm quarantined - deleted DFI\Lockett Event occurred on a new file created by the application: C:\PROGRA~1\INCRED~1\bin\IMApp.exe. The file was moved to quarantine. You may close this window.

 

[Tyler1989]

It wasn't worded good enough to be from MS and they also never give updates in their email also they include links and such when they say contact us.

 

[EricB]

it came from a link that was like this theirusername@msdn

 

[mikee]

my dad fell for that 4 times when it was sent to him.

 

[Win2kpatcher]

you got the worm deployed on your machine or just got the mail?

 

[Osiris]

Sucks I cant get it

 

[EricB]

Sucks I cant get it

LOL if I knew that you wanted so bad I would have saved it for you.
the funniest thing was I had read about it saturday in pc world I think.

then all of a sudden this morning, my nod32 started going off. it quarantined and deleted the file. I'm Like WTF. this was the first time I got a virus from nowhere, Usually I get them from downloading something.

I wondered what would happen to the person who will run that attachment?