RE: [nznog] blaster worm - NZNOG - lists.nznog.org

newer
RE: [nznog] microsoft.com

RE: [nznog] blaster worm

older
spam farms

Nathan Mercer

15 Aug 2003 15 Aug '03

1:13 p.m.

We're experiencing increased traffic levels, but its not DoSing us. You might be interested in reading some more about the Blaster worm here Recommendations to ISPs Regarding the Blaster Worm http://www.microsoft.com/serviceproviders/security/isp_blaster.asp There is a Word DOC there with some more info. You can read with the Word viewer downloadable here http://download.microsoft.com/download/word2000/wd97vwr/2000/WIN98/EN-US /wd97vwr32.exe Nathan -----Original Message----- From: Barry Murphy [mailto:barry(a)unix.co.nz] Sent: Saturday, 16 August 2003 9:45 a.m. To: Nathan Mercer Cc: NZ NOG Subject: Re: [nznog] blaster worm Nathan, Are you aware of microsoft being affected from the DDoS of this virus yet? Seeing as you people will probably hear first off.

Reply

Sign in to reply online Use email software

Show replies by date

nznog＠neilnz.com

15 Aug 15 Aug

7:07 p.m.

New subject: [OT] Anyone have a Promise Connectstor II spare?

Sorry for the OT but I have a client that requires a spare Promise Connectstor II NAS appliance due to paranoia, but from all accounts Promise have stopped producing them... Does anyone happen to have one (preferably without drives) sitting in the back of a server room after discovering the transfer rate wasn't that hot and shelving it? Please contact me off list if you do and want to realise something for it... You may now return to your usual programming of waiting for Blaster to actually do something really bad. Cheers - Neil G

Reply

Sign in to reply online Use email software

Joe Abley

9:09 p.m.

New subject: blaster worm

On Saturday, 16 August 2003, at 02:13AM, Nathan Mercer wrote:

http://www.microsoft.com/serviceproviders/security/isp_blaster.asp There is a Word DOC there with some more info.

Hey Nathan, tell Bill that word is not an appropriate format for publishing information on the internet, eh? If he's looking for portable alternatives, there's this thing called "text". Joe

Reply

Sign in to reply online Use email software

Juha Saarinen

16 Aug 16 Aug

5:04 a.m.

New subject: blaster worm

On Sat, 16 Aug 2003, Joe Abley wrote:

Hey Nathan, tell Bill that word is not an appropriate format for publishing information on the internet, eh? If he's looking for portable alternatives, there's this thing called "text".

Seems Microsoft is very kindly sending out patches to all and sundry as well. Got this one at my spam magnet, err, I mean IDGNZ email account: Date: Sat, 16 Aug 2003 12:02:58 -0400 From: Microsoft Corporation Network Customer Services To: Microsoft Consumer <@> Subject: Network Security Patch Parts/Attachments: 1.1 Shown ~58 lines Text 1.2 OK ~79 lines Text 2 159 KB Application ---------------------------------------- Microsoft Consumer this is the latest version of security update, the "August 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer, Outlook and Outlook Express as well as five newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches. System requirements: Win 9x/Me/2000/NT/XP This update applies to: Microsoft Internet Explorer, version 4.01 and later Microsoft Outlook, version 8.00 and later Microsoft Outlook Express, version 4.01 and later Recommendation: Customers should install the patch at the earliest opportunity. How to install: Run attached file. Click Yes on displayed dialog box. How to use: You don't need to do anything after installing this item. Microsoft Technical Support is available at http://support.microsoft.com/ For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security Contact us at http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies. Thank you for using Microsoft products. With friendly greetings, Microsoft Corporation Network Customer Services ________________________________________ ©2003 Microsoft Corporation. All rights reserved. The names of the actual companies and products mentioned herein may be the trademarks of their respective owners. --- Outgoing mail is certified Virus Free. Checked by Symantec anti-virus system (http://www.symantec.com). Release Date: 27.7.2003 [ Part 2, Application/X-MSDOWNLOAD 212KB. ] [ Not Shown. Use the "V" command to view or save this part. ] ;-) -- Juha Saarinen

Reply

Sign in to reply online Use email software

Simon Byrnand

5:08 a.m.

New subject: blaster worm

On Sat, 16 Aug 2003, Joe Abley wrote:

...
Hey Nathan, tell Bill that word is not an appropriate format for publishing information on the internet, eh? If he's looking for portable alternatives, there's this thing called "text".

Seems Microsoft is very kindly sending out patches to all and sundry as well. Got this one at my spam magnet, err, I mean IDGNZ email account:

Date: Sat, 16 Aug 2003 12:02:58 -0400 From: Microsoft Corporation Network Customer Services To: Microsoft Consumer <@> Subject: Network Security Patch Parts/Attachments: 1.1 Shown ~58 lines Text 1.2 OK ~79 lines Text 2 159 KB Application ----------------------------------------

Microsoft Consumer

this is the latest version of security update, the "August 2003, Cumulative Patch" update which eliminates all known security vulnerabilities affecting Internet Explorer, Outlook and Outlook Express as well as five newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run executable on your system. This update includes the functionality of all previously released patches.

System requirements: Win 9x/Me/2000/NT/XP

This update applies to: Microsoft Internet Explorer, version 4.01 and later Microsoft Outlook, version 8.00 and later Microsoft Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch at the earliest opportunity.

How to install: Run attached file. Click Yes on displayed dialog box.

How to use: You don't need to do anything after installing this item.

Microsoft Technical Support is available at http://support.microsoft.com/

For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security

Contact us at http://www.microsoft.com/isapi/goregwiz.asp?target=/contactus/contactus.asp

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

Thank you for using Microsoft products.

With friendly greetings, Microsoft Corporation Network Customer Services ________________________________________ ©2003 Microsoft Corporation. All rights reserved. The names of the actual companies and products mentioned herein may be the trademarks of their respective owners.

--- Outgoing mail is certified Virus Free. Checked by Symantec anti-virus system (http://www.symantec.com). Release Date: 27.7.2003

[ Part 2, Application/X-MSDOWNLOAD 212KB. ] [ Not Shown. Use the "V" command to view or save this part. ]

;-)

Just in case a few people didn't pick up on your sarcasm, that message is in fact a fake, and as well as that, the copy that I received was infected with the I-Worm.gibe.b virus. Anybody that has used the Microsoft download site before will know that Microsoft never email executables or patches... Hmm so what do we have here I wonder, someone deliberately attaching a copy of a virus to a fake Microsoft bulletin, or a virus that automatically sends itself along with a fake Microsoft bulletin ? Either way it isn't good for Microsoft ;-) Regards, Simon

Reply

Sign in to reply online Use email software

Richard Cox

7:27 a.m.

New subject: blaster worm

On Sun, 17 Aug 2003 10:08:44 +1200 (NZST) "Simon Byrnand" wrote: | Just in case a few people didn't pick up on your sarcasm, that message | is in fact a fake, and as well as that, the copy that I received was | infected with the I-Worm.gibe.b virus. More precisely, the message is deliberately sent as a dropper for the worm - in other words it is the primary means of its transmission. See: http://www.europe.f-secure.com/v-descs/gibe_b.shtml inter alia | Hmm so what do we have here I wonder, someone deliberately attaching | a copy of a virus to a fake Microsoft bulletin, or a virus that | automatically sends itself along with a fake Microsoft bulletin ? It has been doing the rounds since February this year, all that changes each round is the date of the alleged "patch". This one was the August 2003 edition. It catches a few more people every time, and given the publicity that MSBlast has just had, it may well catch rather more this time, due to the extensive news reports that Microsoft had just issued a patch. |> With friendly greetings, |> Microsoft Corporation Network Customer Services That, however, may well be the giveaway clue to it being bogus ... Best Regards -- Richard Cox %% HELO - the first word of every Email transaction - is in Welsh! %%

Reply

Sign in to reply online Use email software

7799

Age (days ago)

7800

Last active (days ago)

Download

5 comments

6 participants

tags

participants (6)

Joe Abley
Juha Saarinen
Nathan Mercer
nznog＠neilnz.com
Richard Cox
Simon Byrnand