Closed Thread Icon

Topic awaiting preservation: Virus alert -- support@microsoft.com (Page 1 of 1) Pages that link to <a href="http://ozoneasylum.com/backlink?for=6251" title="Pages that link to Topic awaiting preservation: Virus alert -- support@microsoft.com (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Virus alert -- support@microsoft.com <span class="small">(Page 1 of 1)</span>\

 
InI
Paranoid (IV) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted posted 05-20-2003 15:30

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

Trigger
Paranoid (IV) Inmate

From:
Insane since: Jun 2002

posted posted 05-20-2003 15:53

I've got a similar kinda thing from
spindleyspider@hotmail.com
im assuming its a worm it came with data.pif and a read me

quote:
---------------------------------------------------------
Microsoft Data Access Objects version 3.6 Readme File
---------------------------------------------------------

(c) 1998 Microsoft Corporation. All rights reserved.

This document provides late-breaking or other information that supplements the Microsoft DAO documentation.

--------
CONTENTS
--------

1. PRODUCT DESCRIPTION

2. NEW FEATURES

3. TECHNICAL NOTES

4. KNOWN BUGS, LIMITATIONS, AND WORKAROUNDS

----------------------
1. PRODUCT DESCRIPTION
----------------------
Data Access Objects (DAO) are a set of objects that enable OLE Automation clients to programmatically access data and modify datasources. It is used by Access, Visual Basic and other Microsoft products to access data stored by the Jet database, and all the other formats that Jet provides (such as ODBC data sources including SQL Server, FoxPro, Paradox etc.).

---------------
2. NEW FEATURES
---------------
DAO 3.6 has been updated to use the Microsoft® Jet 4.0 database engine. This includes enabling all interfaces for Unicode. Data is now provided in unicode (internationally enabled) format rather than ANSI. No other new features were implemented.

--------------------
3. TECHNICAL NOTES
------------------
* Jet property lengths have been changed to allow 65,500 rather than 4,096 bytes (or half those amounts in characters). Because of this change, the DAO Field.Properties valid length has increased to 32,750 characters. However, the TableDefs size remains at a smaller buffer of 16,383 characters, so property lengths are effectively limited to that.

-----------------
4. KNOWN BUGS, LIMITATIONS, AND WORKAROUNDS
-----------------
The following is a list of DAO 3.6 known issues.

* Binding to an ActiveX control, such as a data bound grid, which expects ANSI data will incorrectly display the unicode data that DAO now provides. If this is encountered, update to an ActiveX control which supports unicode data.

* Databases made replicable in code which have never been opened in Microsoft Access will always have local projects (forms, reports, macros, modules) and they can never be changed to make the project replicable. This is because the system table which controls this functionality (mSysAccessObjects) does not exist if the database was never opened in Access prior to making the database replicable. Once the database is made replicable the user cannot change the replicability of the project.



and It clames in the email that

quote:
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.



Trigger
Paranoid (IV) Inmate

From:
Insane since: Jun 2002

posted posted 05-20-2003 15:58

on second thoughts it might not be the same thing, but I got one out of the blue with some "Microsoft" documentation and a .pif so I figured they where preetysimilar

a link about the one I recived can be found here - http://www.snopes.com/computer/virus/immunity.htm

http://www.theregister.co.uk/content/56/30751.html




[This message has been edited by Trigger (edited 05-20-2003).]

InI
Paranoid (IV) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted posted 05-20-2003 16:00

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

bodhi23
Paranoid (IV) Inmate

From: Greensboro, NC USA
Insane since: Jun 2002

posted posted 05-20-2003 16:04
quote:
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.



The grammer here would be my first tip off that it's not really from microsoft... Big corporations hire English majors to write their correspondence...

Bodhi - Cell 617

Trigger
Paranoid (IV) Inmate

From:
Insane since: Jun 2002

posted posted 05-20-2003 16:11

I dont understand some of these guys tho'

Im curios of hacking and so frequent some 'hacking' BBS's and im a 'Staff' Member of one of them,
and you know theres Genuian intrest in Viri Creating for the education purpose of it, but then you have things like Klez, why do people bother?

I'd create a viri to see how I could manipulate the system yes but I woudlnt do it and then relase it, I'd work at it try it on a local network under tested condtions so it couldnt spread

but why bother with delibratly trying to trash peoples computers up?

I used to have respect for Viri Makers, back when it was all done in ASM and it took skill and time, even if they where screwing things up,
but now there are programs designed like Virius Factory for Idiots and I just dont get it,

*sighs*

viol
Maniac (V) Inmate

From: Charles River
Insane since: May 2002

posted posted 05-20-2003 16:13

I have received three emails "sent by microsoft" in the last two days. I simply delete them without opening. It's obvious fake and most likely a virus, because there is attachment to it.

NoJive
Maniac (V) Inmate

From: The Land of one Headlight on.
Insane since: May 2001

posted posted 05-20-2003 16:49

May 19, 2003
Fast-Moving Worm Strikes Internet
By Dennis Fisher

For the second week in a row a fast-moving worm struck the Internet over the weekend and stands ready to infect thousands more machines as office workers log onto their systems Monday morning.
Known as Palyh, the new worm has many of the same characteristics of the Sobig virus that has been around for several months. It is written in the same language and packed with the same program as Sobig, according to an analysis by McAfee Security, a unit of Network Associates Inc., in Santa Clara, Calif. The e-mail borne worm arrives in an executable attachment to a message with a random subject line. The return address on the message is also randomized, with many copies of the worm appearing to come from support@microsoft.com. The subject lines include:

Your Password
Screensaver
Re: Movie
Your details
Approved (Ref: 38446-263)
Re: Approved (Ref: 3394-65467)
Cool screensaver
Re: My details
Re: My application
Re: Movie


The message body reads, "All information is in attached file."

Palyh apparently first hit the Internet on Saturday, with most of the activity in Asia at that point. It began spreading rapidly Sunday and continued to pick up momentum Monday morning. MessageLabs Inc., an e-mail security company based in New York, has seen more than 26,000 copies of the worm, with about 20,000 of those having shown up Monday.

Once executed on a target machine, Palyh copies itself to the registry and the startup routine and then begins looking for open network shares. Some security vendors say that it also attempts to connect to a remote Web site and may attempt to download some malicious code. This behavior is very similar to that of many of the recent network-aware worms, including last week's star, Fizzer.

Palyh then begins extracting e-mail addresses from various locations on the infected machine and mails itself to every address it finds.

Most Recent Security Stories:
Fast-Moving Worm Strikes Internet
NAI Cuts Workforce
SafeNet Secures Tie Between Disparate Networks
Startup Puts New Spin on App Security
more

Search for more stories by Dennis Fisher.
Find white papers on security.
For more security news, check out Ziff Davis Media's Security Supersite.




cyoung
Paranoid (IV) Inmate

From: The northeast portion of the 30th star
Insane since: Mar 2001

posted posted 05-21-2003 05:06

^^ Just got the "Re: Approved..." version. " ^^

synax
Maniac (V) Inmate

From: Cell 666
Insane since: Mar 2002

posted posted 05-21-2003 05:55

I've gotten several versions...

viol
Maniac (V) Inmate

From: Charles River
Insane since: May 2002

posted posted 05-21-2003 06:11

Yeah, they keep coming, I keep deleting them. So far, so good.

Wolfen
Paranoid (IV) Inmate

From: Minnesota
Insane since: Jan 2001

posted posted 05-22-2003 01:45

This is no fun... I don't get any viruses.... Then again it is still a little difficult because I do have a mac and I do not have Outlook or Kazaa.

Jeni
Paranoid (IV) Mad Scientist

From: 8675309
Insane since: Jul 2000

posted posted 05-22-2003 02:36

Yep, I got it too. As a side note Wolfen, I'm on a mac too
Doesn't mean you cant receive it, just means it wont work

Wolfen
Paranoid (IV) Inmate

From: Minnesota
Insane since: Jan 2001

posted posted 05-22-2003 06:56
quote:
Doesn't mean you cant receive it, just means it wont work



Micro$ofts new slogan?

InI
Paranoid (IV) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted posted 05-28-2003 13:21

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

mob68com
Bipolar (III) Inmate

From: Born in Dublin, Ireland .:. now living in the US
Insane since: May 2003

posted posted 05-28-2003 23:20

The company I work for has been getting hit with many of those e-mails all day, we've been checking our e-mail as it comes in with a virus checker and finding what is and what is not effected. We have managed so far to be clean.

Art is in the eye of the beholder

« BackwardsOnwards »

Show Forum Drop Down Menu