Weird "Microsoft" E-mail

eirebhoy

I just got an e-mail which it says is from MS Corporation Internet Security Division and it looks like a regular Microsoft e-mail with the logo and several links to certain parts of there site. But the reason I don't believe its from Microsoft is because it contains an attachment which I don't think Microsoft usually send and the word "install" ins greyed out so it can't be downloaded (not that I would have anyway).

Here's what the e-mail say's:

Microsoft Client

this is the latest version of security update, the "September 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to maintain the security of your computer. This update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

---

The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

I don't really know how to find the information of the sender so I right clicked the e-mail and clicked the details tab and this is what it says:

X-Message-Info: pdGgd64CkwYBecCeulYyOUPb8nhFYKh1qpbh2VmgBRM=
Received: from mc7-f27.hotmail.com ([65.54.253.34]) by mc7-s3.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sat, 27 Sep 2003 22:58:06 -0700
Received: from mta02bw.bigpond.com ([144.135.24.138]) by mc7-f27.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sat, 27 Sep 2003 22:57:51 -0700
Received: from aomf ([144.135.24.72]) by mta02bw.email.bigpond.com
(iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
with SMTP id <0HLW00MD9TRDCY@mta02bw.email.bigpond.com>; Sun,
28 Sep 2003 15:55:13 +1000 (EST)
Received: from cpe-203-51-24-111.nsw.bigpond.net.au ([203.51.24.111])
by bwmam02bpa.bigpond.com(MAM REL_3_3_2d 17/1186150); Sun,
28 Sep 2003 15:54:49 +0000
Date: Sun, 28 Sep 2003 15:54:50 +1000 (EST)
Date-warning: Date header was inserted by mta02bw.email.bigpond.com
From: MS Corporation Internet Security Division <nhvjael@bulletin.msdn.net>
Subject: Current Network Critical Upgrade
To: MS Client <client_mzbjuft@bulletin.msdn.net>
Message-id: <0HLW00MDATRDCY@mta02bw.email.bigpond.com>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_trWGP+nl2UVMDf2oKNBz8A)"
Return-Path: sena@bigpond.net.au
X-OriginalArrivalTime: 28 Sep 2003 05:57:52.0237 (UTC) FILETIME=[742719D0:01C38585]

Is this an actual e-mail from Microsoft or is it a virus? If so should I report it?

rob1891

Virus, delete it.

if you have a friend from .au/australia and hosting/email address with bigpond then let them know they've got a virus, otherwise just forget about it.

the relevant line is this:

Received: from cpe-203-51-24-111.nsw.bigpond.net.au ([203.51.24.111])
by bwmam02bpa.bigpond.com(MAM REL_3_3_2d 17/1186150); Sun,
28 Sep 2003 15:54:49 +0000

byte

Ah I was sent the same email with the attachment, but I just deleted it as MS will never send emails with attachments.

rymus

got that one at least 200 times by now... Gets really annoying when some of the users on the network that dont know much about computers run it thinking its actually from microsoft.

So now I'm left with a nice infestation

eirebhoy

Now I am getting different e-mails:

Hi.
I'm afraid the message returned below could not be delivered to the following addresses:



Undeliverable to aytnqoebq@rocketmail.com


Message follows:

That e-mail address means nothing to me. Any ideas whats happening?

Frank Grimes

That e-mail address means nothing to me. Any ideas whats happening?

If it has an attachment it's a virus more than likley.
Try typing stuff into www.google.ie there's a few answers there too.

Kali

eireboy.. looks like your computer could already be infected (or the virus ran somehow)... and its trying to send out dozens of emails from addresses found on your system (regardless if you know the addresses or not).. post up the complete email header details.

eirebhoy

E-mail 1:

X-Message-Info: 820stLNiepR2PyHkKYPO1j0ZEdb1QON3bsaV2SVmfzw=
Received: from mc12-f19.hotmail.com ([65.54.167.155]) by mc12-s2.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sun, 28 Sep 2003 19:17:17 -0700
Received: from mta01ps.bigpond.com ([144.135.25.155]) by mc12-f19.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sun, 28 Sep 2003 19:16:51 -0700
Received: from ssqhlld ([144.135.25.72]) by mta01ps.email.bigpond.com
(iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003))
with SMTP id <0HLY00LD0DY24A@mta01ps.email.bigpond.com>; Mon,
29 Sep 2003 12:08:50 +1000 (EST)
Received: from cpe-203-51-24-111.nsw.bigpond.net.au ([203.51.24.111])
by psmam02bpa.bigpond.com(MAM REL_3_3_2d 80/2921452); Mon,
29 Sep 2003 12:08:26 +0000
Date: Mon, 29 Sep 2003 12:08:27 +1000 (EST)
Date-warning: Date header was inserted by mta01ps.email.bigpond.com
From: Microsoft Email Service <smtpbot@rocketmail.com>
Subject: Failure Announcement
To: email user <recipient@smtpdomain.com>
Message-id: <0HLY00LD1DY24A@mta01ps.email.bigpond.com>


Email 2:

X-Message-Info: JGTYoYF78jEHjJx36Oi8+YDSEg8qKPPD
Received: from mail00.svc.cra.dublin.eircom.net ([159.134.118.16]) by mc2-f17.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Sun, 28 Sep 2003 15:24:44 -0700
Received: (qmail 50849 messnum 1838617 invoked from network[159.134.254.6/p254-6.as1.nas.naas.eircom.net]); 28 Sep 2003 22:23:51 -0000
Received: from p254-6.as1.nas.naas.eircom.net (HELO huapozx) (159.134.254.6)
by mail00.svc.cra.dublin.eircom.net (qp 50849) with SMTP; 28 Sep 2003 22:23:51 -0000
FROM: "MS Inet System" <emailroutine@rocketmail.com>
TO: " " < >
SUBJECT: error report
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="rkgywicgwc"
Return-Path: stevetaylor1@eircom.net
Message-ID: <MC2-F17iqpJjmH4PrC10008bd29@mc2-f17.hotmail.com>
X-OriginalArrivalTime: 28 Sep 2003 22:24:45.0066 (UTC) FILETIME=[51BFC6A0:01C3860F]
Date: 28 Sep 2003 15:24:45 -0700

Frank Grimes

eireboy, you're just getting viruses. Delete them and ignore it.
Take a look here if you don't believe me:
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

Creamy Goodness

microsoft never send out updates via mails

they'll always send a link if anything

the Guru

its the swen virus go to symantec and get rid of it

I have been using web based email for the last while

As I got hit by that Microsoft email But I got rid of it

shinzon

thats the swen virus alright i got it and it sent 100 of e-mails out to ficticious addresses from my mail account, but ive gotten rid of it now still comes into me on a regular basis though but all i do is delete them

shin