[24653] in bugtraq
RE: Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update)
daemon@ATHENA.MIT.EDU (Alex Arndt)
Tue Mar 12 23:34:06 2002
Reply-To: <aarndt@rogers.com>
From: "Alex Arndt" <aarndt@rogers.com>
To: "Marlon Borba" <mborba1@terra.com.br>, <bugtraq@securityfocus.com>
Date: Mon, 11 Mar 2002 17:41:28 -0500
Message-ID: <NFBBKOKEOLODJBKIPOPJCEDKCIAA.aarndt@rogers.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
In-Reply-To: <5.1.0.14.0.20020310153029.00a17450@pop3.norton.antivirus>
From: Marlon Borba
Sent: Sunday, March 10, 2002 1:37 PM
To: bugtraq@securityfocus.com
Subject: Suspect 'advisory' from someone claiming to be from Microsoft
(was Fwd: Internet Security Update)
<snip>
Be careful with fake 'advisories' like this, specially if they come
with an '.exe' attached.
Cheers,
Marlon.
<snip forwarded mail>
Indeed folks should be careful - this would be the result of the
mass-mail vector propagated by W32/Gibe@MM-infected systems.
This virus (which incidentally drops a Trojan backdoor when it is
activated) was identified by the various AV vendors last week.
NAI - http://vil.nai.com/vil/content/v_99377.htm
Symantec - http://www.symantec.com/avcenter/venc/data/w32.gibe@mm.html
Sophos - http://www.sophos.com/virusinfo/analyses/w32gibea.html
F-Secure - http://www.europe.f-secure.com/v-descs/gibe.shtml
Others -
http://www.google.ca/search?q=W32%2FGibe@MM&hl=en&btnG=Google+Search&meta=
Alex Arndt, GCIA
"Within all order is the potential for chaos..."
