Description: This mass-mailing worm attempts to send itself to all email addresses found on the infected system. It has several components with different tasks.
The sender address is forged so that the message appears to come from a legitimate software company, luring users into opening the attachment.
The email has the following details:
From: Microsoft Corporation Security Center <rdqeust12@microsoft.com>
To: Microsoft Customer
Subject: may be any of the following:
- Internet Security Update
- Check It Out - Microsoft Security Update
- I thought you find this useful - Microsoft Security Update
- Watch this - Microsoft Security Update
Message Body:
this is the latest version of security update, the update which
eliminates all
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install
now to protect your computer from these vulnerabilities,
the most serious of which
could allow an attacker to run code on your computer.
Description of several well-know vulnerabilities:
- "Incorrect MIME Header Can Cause IE to Execute E-mail
Attachment" vulnerability.
If a malicious user sends an affected HTML e-mail or hosts
an affected e-mail on a Web site, and a user opens the
e-mail or visits the Web site, Internet Explorer automatically
runs the executable on the user's computer.
- A vulnerability that could allow an unauthorized user to
learn the location
of cached content on your computer. This could enable the
unauthorized user to launch compiled HTML Help (.chm)
files that contain shortcuts to executables, thereby
enabling the unauthorized user to run the executables
on your computer.
- A new variant of the "Frame Domain Verification"
vulnerability could enable a malicious Web site operator
to open two browser windows, one in the Web site's domain
and the other on your local file system, and to pass
information from your computer to the Web site.
- CLSID extension vulnerability. Attachments which end
with a CLSID file extension do not show the actual full
extension of the file when saved and viewed with
Windows Explorer. This allows dangerous file types to
look as though they are simple, harmless files - such as
JPG or WAV files - that do not need to be blocked.
System requirements:
Versions of Windows no earlier than Windows 95.
This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing this item.
For more information about these issues, read Microsoft
Security Bulletin MS02-005, or visit link below.
http://www.microsoft.com/windows/ie/downloads/critical/default.asp
If you have some questions about this article contact us at
rdquest12@microsoft.com
Thank you for using Microsoft products.
With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation.
Windows and Outlook are trademarks of Microsoft Corporation.
Attachment: q216309.exe
This mass-mailing worm is written and compiled in Visual Basic. It runs on Windows 95, 98, ME, NT, 2000, and XP systems.
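The message details listed above can be turned into a mail-filter check. The following is an added example, not code from the vendor's description: it parses a raw message and reports which of the three listed indicators (sender display name, subject, attachment name) it carries. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the email details in this description.
DISPLAY_NAME = "microsoft corporation security center"
SUBJECTS = {
    "internet security update",
    "check it out - microsoft security update",
    "i thought you find this useful - microsoft security update",
    "watch this - microsoft security update",
}
ATTACHMENT = "q216309.exe"

def _norm(text):
    """Lower-case and collapse whitespace so folded headers still match."""
    return " ".join(str(text or "").lower().split())

def match_indicators(raw):
    """Return the set of indicators ('from', 'subject', 'attachment') found."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    from_hdr = msg["From"]
    if from_hdr is not None:
        # Compare the display name only: the address itself is forged.
        if any(_norm(a.display_name) == DISPLAY_NAME for a in from_hdr.addresses):
            hits.add("from")
    if _norm(msg.get("Subject")) in SUBJECTS:
        hits.add("subject")
    for part in msg.iter_attachments():
        if _norm(part.get_filename()) == ATTACHMENT:
            hits.add("attachment")
    return hits

def build_sample(sender, subject, filename):
    """Build a constructed test message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed body text")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("Microsoft Corporation Security Center <rdqeust12@microsoft.com>",
                       "Internet Security Update", "q216309.exe")
    print(sorted(match_indicators(raw)))
```

A message matching all three indicators can be quarantined outright; a partial match (for example the subject alone) is better treated as a signal for review than as a verdict.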
Description created: Mar. 4, 2002 5:13:16 PM GMT -0800
Description updated: Mar. 6, 2002 12:45:24 PM GMT -0800