今晚收到一封信,若不是因為Norton AntiVirus出警告我還不曉得,全文我有附上,
其附檔有毒。依其Mail header看來就有亦機了,因為看不到microsoft.com的字樣,
並且現在M$所發的Mail都有PGP的Sign資料。且正確的 MS02-005的URL是這個才是,
東東說的不一樣http://www.microsoft.com/technet/sec...S02-005.asp。
Norton AntiVirus查出的資訊:
======================================
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: W32.Gibe@mm
File: q216309.exe
Location: Mail System
Computer: Mxxxx
User: xxxx
Action taken: Clean failed : Quarantine succeeded :
Date found: Thu Mar 07 22:17:18 2002
================================================
文件Mail Header如下,並不是由M$的Server所發出的:
_____________________________________________________________
Return-Path: <[email protected]>
Received: from ms6.hinet.net ([email protected] [168.95.4.60])
by localhost.localdomain (8.11.6/8.11.6) with ESMTP id g27DTF016623
for <[email protected]>; Thu, 7 Mar 2002 21:29:16 +0800
Received: from mta02-srv.alltel.net (mta02.alltel.net [166.102.165.144])
by ms6.hinet.net (8.8.8/8.8.8) with ESMTP id VAA24104
for <[email protected]>; Thu, 7 Mar 2002 21:21:35 +0800 (CST)
Received: from pfuckie ([166.102.134.84]) by mta02-srv.alltel.net with SMTP
id <20020307132040.LEZK17714.mta02-srv.alltel.net@pfuckie>;
Thu, 7 Mar 2002 07:20:40 -0600
___________________________________________________________________
M$發的Mail Header正確如下:
______________________________________________________________________
Return-Path: <0_26849_D5BEA2C2-5738-D211-B3D2-00805F778512_TW@Newsletters.Microsoft.com>
Received: from ms6.hinet.net ([email protected] [168.95.4.60])
by localhost.localdomain (8.11.6/8.11.6) with ESMTP id g272nc015968
for <[email protected]>; Thu, 7 Mar 2002 10:49:39 +0800
Received: from delivery.pens.microsoft.com ([207.46.239.37])
by ms6.hinet.net (8.8.8/8.8.8) with ESMTP id KAA16163
for <[email protected]>; Thu, 7 Mar 2002 10:42:08 +0800 (CST)
Received: from tkmsftddsq04 ([10.201.232.143]) by delivery.pens.microsoft.com with Microsoft SMTPSVC(5.0.2195.4905);
Wed, 6 Mar 2002 18:41:01 -0800
__________________________________________________________________________
文件全文如下:
______________________________________________________________
Microsoft Customer,
this is the latest version of security update, the
"3 Mar 2002 Cumulative Patch" update which eliminates all
known security vulnerabilities affecting Internet Explorer and
MS Outlook/Express as well as six new vulnerabilities, and is
discussed in Microsoft Security Bulletin MS02-005. Install now to
protect your computer from these vulnerabilities, the most serious of which
could allow an attacker to run code on your computer.
Description of several well-know vulnerabilities:
- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability. If a malicious user sends an affected HTML e-mail or hosts an affected
e-mail on a Web site, and a user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the executable on the user's computer.
- A vulnerability that could allow an unauthorized user to learn the location of cached content on your computer. This could enable the unauthorized user to launch compiled HTML Help (.chm) files that contain shortcuts to executables, thereby enabling the unauthorized user to run the executables on your computer.
- A new variant of the "Frame Domain Verification" vulnerability could enable a
malicious Web site operator to open two browser windows, one in the Web site's
domain and the other on your local file system, and to pass information from
your computer to the Web site.
- CLSID extension vulnerability. Attachments which end with a CLSID file extension
do not show the actual full extension of the file when saved and viewed with
Windows Explorer. This allows dangerous file types to look as though they are simple,
harmless files - such as JPG or WAV files - that do not need to be blocked.
System requirements:
Versions of Windows no earlier than Windows 95.
This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing this item.
For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below. http://www.microsoft.com/windows/ie/...al/default.asp
If you have some questions about this article contact us at [email protected]
Thank you for using Microsoft products.
With friendly greetings,
MS Internet Security Center.
----------------------------------------
----------------------------------------
Microsoft is registered trademark of Microsoft Corporation. Windows and Outlook are trademarks of Microsoft Corporation.
__________________________________________________________________________
 |
回覆時引用此文章
書籤