Web Hosting Talk
Virus Poses as Microsoft Security Patch


gina_
09-19-2003, 12:15 AM
I've received 8 emails tonight with virus attachments. What the heck is going on?!

Three of them were from 'Microsoft'. When I looked up the so-called *security update* on the Microsoft site, this is what I got...
http://search.microsoft.com/search/results.aspx?st=b&qu=QNQKS.exe&view=en-us

I copied the Properties from the last 4...
This one said it was a Security Update on the subject line:
Status: U
Return-Path: <harleygal@bellsouth.net>
Received: from imf16aec.mail.bellsouth.net ([205.152.59.64])
by killdeer (EarthLink SMTP Server) with ESMTP id 1a0bF33DH3NZFlr0
Thu, 18 Sep 2003 20:10:20 -0700 (PDT)
Received: from efrx ([68.19.201.180]) by imf16aec.mail.bellsouth.net
(InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP
id <20030919031014.RDPO2551.imf16aec.mail.bellsouth.net@efrx>;
Thu, 18 Sep 2003 23:10:14 -0400
FROM: "MS Corporation Security Assistance" <cxknptm@confidence.msdn.com>
TO: "Partner" <partner.ejazdllcm@confidence.msdn.com>
SUBJECT: New Internet Security Update
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="qbmnwlhamqzmj"
Message-Id: <20030919031014.RDPO2551.imf16aec.mail.bellsouth.net@efrx>
Date: Thu, 18 Sep 2003 23:10:20 -0400

This one was a Return to Sender, but I never sent it in the first place:
Status: U
Return-Path: <harleygal@bellsouth.net>
Received: from imf16aec.mail.bellsouth.net ([205.152.59.64])
by eagle (EarthLink SMTP Server) with ESMTP id 1a0bGYPH3NZFji0
Thu, 18 Sep 2003 20:12:20 -0700 (PDT)
Received: from hdgnvqca ([68.19.201.180]) by imf16aec.mail.bellsouth.net
(InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP
id <20030919031214.RENX2551.imf16aec.mail.bellsouth.net@hdgnvqca>;
Thu, 18 Sep 2003 23:12:14 -0400
FROM: "Admin" < >
TO: " " <client@yourserver.com>
SUBJECT: Returned Message: Returned To Sender
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="tztdpwhhynrouf"
Message-Id: <20030919031214.RENX2551.imf16aec.mail.bellsouth.net@hdgnvqca>
Date: Thu, 18 Sep 2003 23:12:20 -0400

This one is #7:
Status: U
Return-Path: <milesjohn@mchsi.com>
Received: from sccmmhc02.asp.att.net ([204.127.203.184])
by merlin (EarthLink SMTP Server) with SMTP id 1a0cuD39q3NZFlq0
Thu, 18 Sep 2003 21:03:39 -0700 (PDT)
Date: Fri, 19 Sep 2003 04:02:03 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from dadbjvo (12-216-250-27.client.mchsi.com[12.216.250.27])
by sccmmhc02.asp.att.net (sccmmhc02) with SMTP
id <20030919040159mm2005k10ce>; Fri, 19 Sep 2003 04:02:00 +0000
FROM: "Customer Assistance" <hnmfwy@confidence.com>
TO: "Commercial Customer" <fvuxflff-imzyiczlrt@confidence.com>
SUBJECT: network critical patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="wuhghbmktuqozu"
Message-Id: <200309182103.1a0cuD39q3NZFlq0@merlin>

And this is #8:
Status: U
Return-Path: <milesjohn@mchsi.com>
Received: from sccmmhc02.asp.att.net ([204.127.203.184])
by merlin (EarthLink SMTP Server) with SMTP id 1a0cw139q3NZFlq0
Thu, 18 Sep 2003 21:05:05 -0700 (PDT)
Date: Fri, 19 Sep 2003 04:03:45 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from jduiajlt (12-216-250-27.client.mchsi.com[12.216.250.27])
by sccmmhc02.asp.att.net (sccmmhc02) with SMTP
id <20030919040340mm200pfg0ge>; Fri, 19 Sep 2003 04:03:41 +0000
FROM: "MS Internet Mail Service" <xmailroutine@freemail.net>
TO: "Internet Client" <receiver@smtpserver.net>
SUBJECT: returned message: user unknown
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="xtfbnehwsuprbp"
Message-Id: <200309182105.1a0cw139q3NZFlq0@merlin>


What the heck man, why am I getting picked on like this?? I'm half afraid to shut down tonight, I'll probably have a dozen more of these things waiting for me in the morning. :bawling:

Is anybody else getting them?

NewtSys
09-19-2003, 12:25 AM
hmmm that one is new, I have been getting hammered tonight with these:

From: Microsoft Corporation Security Center
Subject: Internet Security Update
Message:
Microsoft Customer,
this is the latest version of security update, the update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities
.......
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing this item.
.......
Attachment: Q216309.exe

gina_
09-19-2003, 12:30 AM
Yep, I've gotten 4 now from 'Microsoft'^^

And here's #9! This is bull****!

Status: U
Return-Path: <startmartdave@comcast.net>
Received: from rwcrmhc12.comcast.net ([216.148.227.85])
by eagle (EarthLink SMTP Server) with SMTP id 1a0cP03Lo3NZFji0
Thu, 18 Sep 2003 21:24:41 -0700 (PDT)
Date: Fri, 19 Sep 2003 04:22:51 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from udvaso (12-225-252-93.client.attbi.com[12.225.252.93])
by comcast.net (rwcrmhc12) with SMTP
id <2003091904224901400bqk7ce>; Fri, 19 Sep 2003 04:22:49 +0000
FROM: "Microsoft Corporation Security Section" < >
TO: " " <customer_davlvwohmo@newsletters.msn.net>
SUBJECT: Latest Internet Security Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="uvscxgestwloc"
Message-Id: <200309182124.1a0cP03Lo3NZFji0@eagle>


-waits for #10.. they're coming in pairs tonight. :mad:

gina_
09-19-2003, 12:31 AM
Didn't have to wait too long.. here's #10 and 11...

Status: U
Return-Path: <startmartdave@comcast.net>
Received: from rwcrmhc11.comcast.net ([204.127.198.35])
by kite (EarthLink SMTP Server) with SMTP id 1a0cRZGr3NZFkD0
Thu, 18 Sep 2003 21:27:47 -0700 (PDT)
Date: Fri, 19 Sep 2003 04:27:29 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from ttnvvlkz (12-225-252-93.client.attbi.com[12.225.252.93])
by comcast.net (rwcrmhc11) with SMTP
id <2003091904272701300q38g8e>; Fri, 19 Sep 2003 04:27:28 +0000
FROM: "MS Network Security Department" <ufcwxvzmxsf_aibdwl@news.microsoft.com>
TO: "MS Corporation Customer" <cxpt-plvegnib@news.microsoft.com>
SUBJECT: New Internet Critical Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="xwknaixjatcjxofho"
Message-Id: <200309182127.1a0cRZGr3NZFkD0@kite>

Status: U
Return-Path: <startmartdave@comcast.net>
Received: from rwcrmhc13.comcast.net ([204.127.198.39])
by cockatoo (EarthLink SMTP Server) with SMTP id 1a0cS61Tj3NZFkl0
Thu, 18 Sep 2003 21:27:54 -0700 (PDT)
Date: Fri, 19 Sep 2003 04:27:47 +0000 (GMT)
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium.
Received: from prokr (12-225-252-93.client.attbi.com[12.225.252.93])
by comcast.net (rwcrmhc13) with SMTP
id <2003091904274501500giqsge>; Fri, 19 Sep 2003 04:27:45 +0000
FROM: "microsoft service" <mailerbot@yahoo.com>
TO: "Email Receiver" <recipient@emaildomain.com>
SUBJECT: Undelivered Mail: User unknown
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="kyhiquqiwqgcqip"
Message-Id: <200309182127.1a0cS61Tj3NZFkl0@cockatoo>

How do I make this stop?

NewtSys
09-19-2003, 12:42 AM
Not sure how if you run a Linux server.... I run Windows servers and use a program called "mail essentials"; it filters 99.6% of that garbage out and puts it into a folder on the server of your choice for viewing and laughing or screaming later.

J_T
09-19-2003, 01:18 AM
The emails don't actually appear to be coming from Microsoft. They're just made to look like it, so blaming them won't help. I suggest getting a decent virus scanner with email scanning capabilities.
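The point J_T makes can be checked mechanically from the headers gina_ posted: the From: line is whatever the sender typed, but the Received: chain is written by the relaying mail servers, and the bottom-most hop shows where the message was actually injected. The script below is an added example for this thread, not code from the forum or from any vendor. SWEN_SAMPLE reuses the headers of gina_'s first message (the folding whitespace the forum stripped is restored, a few headers are abridged), with a MIME body constructed from the lure text NewtSys quoted and a dummy base64 payload in place of the worm; BENIGN_SAMPLE is an entirely constructed control message. The flag names, thresholds and the `triage` function are this example's own.

```python
import email
import re
from email.utils import parseaddr

# SWEN_SAMPLE: the headers gina_ posted (folding whitespace restored,
# abridged) plus a body constructed from NewtSys's quoted lure text;
# the base64 attachment is dummy bytes, not the worm.
SWEN_SAMPLE = """\
Return-Path: <harleygal@bellsouth.net>
Received: from imf16aec.mail.bellsouth.net ([205.152.59.64])
 by killdeer (EarthLink SMTP Server) with ESMTP id 1a0bF33DH3NZFlr0
 Thu, 18 Sep 2003 20:10:20 -0700 (PDT)
Received: from efrx ([68.19.201.180]) by imf16aec.mail.bellsouth.net
 (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP
 id <20030919031014.RDPO2551.imf16aec.mail.bellsouth.net@efrx>;
 Thu, 18 Sep 2003 23:10:14 -0400
FROM: "MS Corporation Security Assistance" <cxknptm@confidence.msdn.com>
TO: "Partner" <partner.ejazdllcm@confidence.msdn.com>
SUBJECT: New Internet Security Update
Content-Type: multipart/mixed; boundary="qbmnwlhamqzmj"

--qbmnwlhamqzmj
Content-Type: text/plain

Microsoft Customer, this is the latest version of security update.
How to install: Run attached file QNQKS.exe

--qbmnwlhamqzmj
Content-Type: application/octet-stream; name="QNQKS.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="QNQKS.exe"

TVqQAAMAAAAEAAAA
--qbmnwlhamqzmj--
"""

# BENIGN_SAMPLE: entirely constructed control message.
BENIGN_SAMPLE = """\
Return-Path: <alice@example.com>
Received: from mail.example.com (mail.example.com [192.0.2.10])
 by mx.example.net with ESMTP id abc123; Fri, 19 Sep 2003 10:00:00 +0000
From: Alice <alice@example.com>
To: bob@example.net
Subject: lunch?
Content-Type: text/plain

Lunch at noon?
"""

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
VENDOR_NAME = re.compile(r"\b(microsoft|ms corporation|ms network|ms internet)\b", re.I)
LURE_TEXT = re.compile(r"run attached file", re.I)
HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def received_hops(msg):
    """(helo_name, source_ip, receiving_host) per hop, oldest first.
    Each MTA prepends its own Received: line, so the last one in the
    message is the first hop: the host that injected the mail."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold the header
        if m:
            helo, paren, by = m.groups()
            ip = IPV4.search(paren)
            hops.append((helo, ip.group(0) if ip else None, by))
    hops.reverse()
    return hops

def domain_of(address):
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def triage(raw):
    msg = email.message_from_string(raw)
    hops = received_hops(msg)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    return_path = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    attachments = [n for p in msg.walk() if (n := p.get_filename())
                   and n.lower().endswith(EXECUTABLE_EXTS)]
    flags = []
    if hops and "." not in hops[0][0]:
        flags.append("helo-not-fqdn")        # bare token, not a hostname
    if from_domain != return_path:
        flags.append("from-vs-return-path")  # From: disagrees with envelope
    if VENDOR_NAME.search(display) and not (
            from_domain == "microsoft.com" or from_domain.endswith(".microsoft.com")):
        flags.append("vendor-name-spoof")
    if attachments:
        flags.append("executable-attachment")
    text = b"".join(p.get_payload(decode=True) or b"" for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    if LURE_TEXT.search(text.decode("utf-8", "replace")):
        flags.append("lure-text")
    return {"origin": hops[0] if hops else None, "from_domain": from_domain,
            "return_path_domain": return_path, "attachments": attachments,
            "flags": flags}
```

Running `triage(SWEN_SAMPLE)` reports the origin hop as `efrx` at 68.19.201.180 handing the mail to bellsouth.net's relay, a HELO name that is a bare random token, a From: domain (confidence.msdn.com) that disagrees with the bounce address (bellsouth.net), a "Microsoft" display name on a non-Microsoft domain, an .exe attachment and the "Run attached file" lure; the control message raises nothing. Two caveats: the From: domain test is trivially evaded (the thread's #10 uses news.microsoft.com), so the envelope, the origin hop and the attachment policy are the checks worth trusting, and in 2003 there was no SPF or DKIM to do this for you. The origin IPs in the later headers (`12-216-250-27.client.mchsi.com`, `client.attbi.com`) are named like customer hosts, which is what you expect from a mass-mailer running on infected home machines rather than from a vendor's mail servers.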

banner
09-19-2003, 02:21 AM
Please remember that Microsoft has NEVER and more than likely will never distribute patches by email. Official patches are distributed via www.windowsupdate.com (for Windows) or www.microsoft.com/downloads.

gina_
09-19-2003, 06:14 PM
Here was my problem >> http://www.internetnews.com/dev-news/article.php/3080001

I got almost 30 of these things before I finally got it under control this afternoon. I went to EarthLink's webmail and raised my spam blocker security to High. I think I'll get this patch too.

Tazzman
09-19-2003, 06:32 PM
If you are running a Linux machine, install ClamAV. It should filter out all the virus emails and drop them. Best thing of all, it's free.

Cirtex
09-19-2003, 09:27 PM
Hopefully, this one won't spread as fast :eek3:

http://www.atnewyork.com/news/article.php/3080001

http://www.informationweek.com/story/showArticle.jhtml?articleID=15000134

gina_
09-19-2003, 09:42 PM
I had that very problem... http://www.webhostingtalk.com/showthread.php?s=&threadid=188476

rockergrrl
09-20-2003, 12:00 AM
I've been getting them at about 20+/hour for the last 2 days...

and also emails posing as returned email... with attachments...

Of course, I wasn't that stupid to open any of the attachments....

JTY
09-20-2003, 12:30 AM
Haven't received this one yet... But, I'll keep an eye out for it.

gina_
09-20-2003, 01:25 AM
I never open anything if I don't know who the sender is. What I finally did was raise EarthLink's webmail spam blocker to High, and now they aren't coming into my Outlook Express anymore. It's been very quiet since. :)

anon-e-mouse
09-20-2003, 01:49 AM
A few have come to mods email. Hopefully people are cluey enough to know that you get patches from Microsoft and not sent in email ;)

Heh, I just checked Hotmail and was overlimit. 5 such emails had been sent to the junk folder. :D

PlacidHost
09-20-2003, 03:29 AM
Received about 15 of those in the past week. What I find funny is how they are wanting it to look so real, and then at the bottom they state "The names of the actual companies and products mentioned herein are the trademarks of their respective owners. " Are they afraid of legal action or something? :D

DGMSolutions
09-20-2003, 04:10 AM
I got a virus from one of 'em because I had the preview window on in Outlook Express. I wanna find the person doing this and wring their neck.

OverlordQ
09-20-2003, 04:29 AM
Heh, this is why I love NAV2K3 Pro :)

Coach
09-27-2003, 12:19 AM
Here's the latest virus that has been discussed here before in the technical and security issues forum. No one has actually posted what the email actually looks like yet, so since I just got my first one today, I thought I would upload the HTML code of what the virus email looks like.

Attached to the email is a file called INSTALLER2.exe, which when executed will infect your system with W32.Swen.A@mm. More info on this can be found here (http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html).

To get a look at what the infected email looks like and to warn your friends or clients, look at the following which I have uploaded.

http://square-network.com/site/misc/virus.html

etogre
09-27-2003, 12:34 AM
Not good at all :( Too many newbie internet users gonna run it.

TheDoctor
09-27-2003, 12:34 AM
Thanks for that Coach .. I'm sure that will be of assistance to a lot of members.
It is worth noting .... Microsoft NEVER emails patches or updates.

Doc

The Prohacker
09-27-2003, 12:38 AM
Seen that exact email several times in the moderator email box... Appears to be spreading like wildfire.. Well.. slower than wildfire.. I'd call code red that fast :D

Porky
09-27-2003, 12:43 AM
I get that everyday in my yahoo mail

obviousl
09-27-2003, 01:08 AM
Over the week that just passed we received more than 90 copies of this virus via email. Damn them, damn them to hell.

On a side note, I have actually installed that virus on a machine to see what it does. Very very interesting!

Looks very authentic and also doesn't allow you to install again as it says the patch is already installed.

It won't email out straight away, as it prompts you to input your mail settings.

Chris

rrdega
09-27-2003, 07:35 AM
I'll bet I've received/deleted that one at least 3 dozen times... :angry:

Alex042
09-29-2003, 10:13 AM
Please remember that Microsoft has NEVER and more than likely will never distribute patches by email.
I got a couple of these myself but figured they weren't real, so I didn't even bother opening them. If I want an update, I'll download it myself. I don't need something sent to me.
i got a virus from one of em because i had preview window on in outlook express.
I have my preview on too, but I use Outlook Express on my Mac, which seems immune to annoying Windows viruses.

KIA-Joe
09-29-2003, 10:46 AM
Thank God for OSX

NE-Andy
09-29-2003, 12:32 PM
Well, I'm about to abandon my email account considering that I get 50 of them per day...