Fake Microsoft Email contain Virus (swenAworm) - Techist - Tech Forum

Old 09-19-2005, 03:28 AM   #1 (permalink)
Chillin Techie
 
Join Date: Nov 2004
Location: USA
Posts: 11,861
Default Fake Microsoft Email contain Virus (swenAworm)

I was just reading about this in a PC magazine and it happened to me. Luckily my NOD32 caught it in time.

Here is the so-called message from MS with the Win32 Swen.A worm:

Quote:
Microsoft Customer

this is the latest version of security update, the "September 2005, Cumulative Patch" update which eliminates all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an malicious user to run code on your computer. This update includes the functionality of all previously released patches.


System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation: Customers should install the patch at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Remember, MS will never send you an update in an email.
EricB is offline  
Old 09-19-2005, 05:14 AM   #2 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

Can you possibly send me the link for testing purposes? I want to see exactly what this will do.
Osiris is offline  
Old 09-19-2005, 07:12 AM   #3 (permalink)
Chillin Techie
 
Join Date: Nov 2004
Location: USA
Posts: 11,861
Default

I deleted it. I'm trying to see if I can find it in nod32
EricB is offline  
Old 09-19-2005, 07:31 AM   #4 (permalink)
Chillin Techie
 
Join Date: Nov 2004
Location: USA
Posts: 11,861
Default

this is the best that I could find of it

Time: 9/19/2005 3:30:15 AM
Module: AMON
Object: file
Name: C:\Documents and Settings\ Lockett\Local Settings\Application Data\IM\Runtime\Message\{94C98FCF-C7A7-4D6B-8D2F-F9FD940F4DD8}\Show\cpbkjzl1.pif
Threat: Win32/Swen.A worm
Action: quarantined - deleted
User: DFI\ Lockett
Information: Event occurred on a new file created by the application: C:\PROGRA~1\INCRED~1\bin\IncMail.exe. The file was moved to quarantine. You may close this window.

Time: 9/19/2005 3:26:27 AM
Module: AMON
Object: file
Name: C:\Documents and Settings\ Lockett\Local Settings\Application Data\IM\Identities\{42CCF6EC-6036-46AB-B3AB-257D5C2E3D9A}\Message Store\Attachments\Patch7125.exe
Threat: Win32/Swen.A worm
Action: quarantined - deleted
User: DFI\Lockett
Information: Event occurred on a new file created by the application: C:\PROGRA~1\INCRED~1\bin\IMApp.exe. The file was moved to quarantine. You may close this window.
EricB is offline  
Old 09-19-2005, 07:34 AM   #5 (permalink)
Wizard Techie
 
Join Date: Jun 2005
Posts: 3,339
Default

It wasn't worded well enough to be from MS, and they also never give updates in their email. Also, they include links and such when they say contact us.
Tyler1989 is offline  
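
A mail-triage check built on two things in this thread: Microsoft does not send updates as email attachments, and the NOD32 log shows the worm arriving as Patch7125.exe and a .pif file. This is an added example, not part of any post; the sender address, subject, extension list beyond .exe/.pif, and sample messages are constructed.

```python
from email.message import EmailMessage
import os

# Extensions Windows runs directly; .exe and .pif are the two in the NOD32 log.
# The rest of the set is an assumption added for this example.
EXEC_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
# Phrases taken from the quoted fake update message.
LURES = ("security update", "cumulative patch", "run attached file")

def triage(msg):
    """Return (verdict, reasons) for a parsed EmailMessage."""
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if os.path.splitext(name)[1] in EXEC_EXTS:
            reasons.append("executable extension: " + name)
        elif data[:2] == b"MZ":
            # DOS/PE header hidden behind a harmless-looking file name
            reasons.append("executable content: " + name)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if reasons and any(phrase in text for phrase in LURES):
        reasons.append("body presents the attachment as a patch")
    return ("quarantine" if reasons else "deliver"), reasons

def sample(filename, payload, text):
    """Build a constructed test message; no real mail or malware is used."""
    m = EmailMessage()
    m["From"] = "Microsoft <user@msdn.example>"  # constructed address
    m["Subject"] = "Latest Security Update"      # constructed subject
    m.set_content(text)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

if __name__ == "__main__":
    cases = [
        ("Patch7125.exe", b"MZ\x90\x00", "latest security update. Run attached file."),
        ("update.txt", b"MZ\x90\x00", "hello"),
        ("notes.pdf", b"%PDF-1.4", "see attached"),
    ]
    for case in cases:
        print(case[0], triage(sample(*case)))
```
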
Old 09-19-2005, 07:47 AM   #6 (permalink)
Chillin Techie
 
Join Date: Nov 2004
Location: USA
Posts: 11,861
Default

It came from a link that was like this: theirusername@msdn
EricB is offline  
Old 09-19-2005, 08:37 PM   #7 (permalink)
Master Techie
 
Join Date: Feb 2005
Posts: 2,012
Default

My dad fell for that 4 times when it was sent to him.
mikee is offline  
Old 09-19-2005, 08:55 PM   #8 (permalink)
Master Techie
 
Join Date: Feb 2004
Posts: 2,172
Default

You got the worm deployed on your machine, or just got the mail?
Win2kpatcher is offline  
Old 09-19-2005, 09:03 PM   #9 (permalink)
Techie Beyond Description
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default

Sucks I can't get it
Osiris is offline  
Old 09-19-2005, 09:42 PM   #10 (permalink)
Chillin Techie
 
Join Date: Nov 2004
Location: USA
Posts: 11,861
Default

Quote:
Originally posted by Warez Monster
Sucks I can't get it

LOL, if I knew that you wanted it so bad I would have saved it for you.
The funniest thing was I had read about it Saturday in PC World, I think.

Then all of a sudden this morning, my NOD32 started going off. It quarantined and deleted the file. I'm like WTF. This was the first time I got a virus from nowhere; usually I get them from downloading something.

I wondered what would happen to the person who runs that attachment?
EricB is offline  
All times are GMT -5.