"My Details" email? Anybody else?

[Claudia1]

I received (and deleted without opening the attachment) an email from support@microsoft.com entitled, "My Details", sent to my DISboard email address. My ISP flagged it as containing a virus and successfully removed it.

I don't have any reason to be receiving an email from Microsoft via my DIS addy and am not expecting an email from any DISsers about "My Details". It did not seem right to me.

Anybody else get this?

(....... or did I just delete a legit email from one of you?!?!?!)

 

[phamton]

I suspect it is W32.Gibe.B@mm

Someone on Dis probably has your Dis email in their address book. I receive this worm a couple of times a month. It looks like an official letter from Microsoft support about a security patch Outlook Express and Internet Explorer. If you install the patch, you have installed the virus. Microsoft will never send you a patch.

Microsoft has a warning on this page: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp


Here's the information on the virus. http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe.b@mm.html W32.Gibe.B@mm is a variant of W32.Gibe@mm. This mass-mailing worm uses Microsoft Outlook and its own SMTP engine to send itself to all the contacts in the Microsoft Outlook Address Book and the Windows Address Book. The email is disguised as a Microsoft Security Update and it arrives with an attachment that has a .exe or .zip file extension.

W32.Gibe.B@mm copies itself as WebLoader.exe to the startup folder of all the mapped remote drives. This worm also attempts to spread through the KaZaA file-sharing network and Internet Relay Chat (IRC). W32.Gibe.B@mm may send itself to some news groups whose URLs are carried by the worm.

 

[Claudia1]

Thanks for the info!

Even though I am not up on the nitty gritty of the viruses going around, I'm pretty good at deleting suspicious stuff before opening it. We done routine Norton anit-virus scans but I'm still careful about these things.

Thanks again.

 

[phamton]

It seems I was wrong. It is a worm but not the one I listed.

Beware, as this is NOT a real email from Microsoft.

WORM_PALYH.A
Aliases: W32.HLLW.Mankx@mm, W32/Palyh@MM

The worm creates an event object object named “Mnkx.X”. This serves as a reference to succeeding executions of the worm that it is already existing in memory.

The worm attempts to download data from www.geocities.com Web pages. It checks the current system date and stops its malicious behavior when the date is May 31, 2003 or later.

Though the worm will not propagate on and after the said date, it would still be alive in the infected machine and needs to be scanned to be removed completely.



Description:

This worm propagates by using its own SMTP engine to mass-mail copies of itself to other users. It sends email with the following details:

From: support@microsoft.com
Subject: (any of the following)
Re: My details
Re: Approved (Ref: 3394-65467)
Re: Movie
Re: My application

This worm runs on Windows 95, 98, ME, NT, 2000, and XP.


http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PALYH.A