New worm poses as a Microsoft security update

The Gibe worm tries to make recipients believe it is a security update. If it is run, it will send e-mail to everyone in your address book.

The new Gibe worm poses as a security update from Microsoft, but if it is run it can flood mail servers with traffic.
The worm, which is written in Visual Basic, arrives with the subject line "Internet Security Update" and tries to make the recipient believe it comes from Microsoft. It does not. Microsoft does not send out security updates by e-mail.

This is not the first time someone has tried to fool people this way. Fortunately, the text of the e-mail contains a number of spelling errors that should make it easier to expose. If it is run, it will send itself to everyone in the address book and install a backdoor that can let crackers into the machine.


Here is the text of the virus e-mail, as previously reproduced by ZD Net:
"
Microsoft Customer,

this is the latest version of security update, the update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.

Description of several well-know vulnerabilities:

- "Incorrect MIME Header Can Cause IE to Execute email Attachment" vulnerability. If a malicious user sends an affected HTML email or hosts an affected email on a Web site, and a user opens the email or visits the Web site, Internet Explorer automatically runs the executable on the user's computer.

- A vulnerability that could allow an unauthorized user to learn the location of cached content on your computer. This could enable the unauthorized user to launch compiled HTML Help (.chm) files that contain shortcuts to executables, thereby enabling the unauthorized user to run the executables on your computer.

- A new variant of the "Frame Domain Verification" vulnerability could enable a malicious Web site operator to open two browser windows, one in the Web site's domain and the other on your local file system, and to pass information from your computer to the Web site.

- CLSID extension vulnerability. Attachments which end with a CLSID file extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be blocked.

System requirements: Versions of Windows no earlier than Windows 95.

This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing this item.

For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below. If you have some questions about this article contact us at rdquest12@microsoft.com

Thank you for using Microsoft products.
With friendly greetings, MS Internet Security Center.

Microsoft is registered trademark of Microsoft Corporation. Windows and Outlook are trademarks of Microsoft Corporation.

"
The file is named q216309.exe (122,880 bytes) and poses as a Microsoft Knowledge Base article. Gibe installs a backdoor, and those who use a firewall may see increased traffic to port 12387, ZD Net writes. Only Windows users are affected by this little sneak.
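A mail-filter check built from the indicators the article gives (subject line, attachment name and size), as an added example that is not part of the original article. The function names, the list of executable extensions and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Indicators stated in the article.
GIBE_SUBJECT = "internet security update"
GIBE_ATTACHMENT = "q216309.exe"
GIBE_SIZE = 122880  # bytes
# Assumption: extensions this filter treats as executable.
EXECUTABLE_EXT = re.compile(r"\.(exe|scr|pif|com|bat|vbs)$", re.I)

def gibe_findings(raw):
    """Return the list of reasons a raw message matches the Gibe mail."""
    msg = message_from_string(raw)
    findings = []
    if (msg.get("Subject") or "").strip().lower() == GIBE_SUBJECT:
        findings.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and the multipart container have no filename
        if EXECUTABLE_EXT.search(name):
            findings.append("executable-attachment")
        if name.lower() == GIBE_ATTACHMENT:
            findings.append("attachment-name")
            # Compare the decoded size, not the base64-encoded size.
            if len(part.get_payload(decode=True) or b"") == GIBE_SIZE:
                findings.append("attachment-size")
    return findings

def build_sample(subject, filename, size):
    """Constructed test message; the attachment body is zero-byte filler."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    for args in [("Internet Security Update", "q216309.exe", 122880),
                 ("Lunch on Friday", "notes.txt", 5)]:
        print(args[0], "->", gibe_findings(build_sample(*args)))
```

Since Microsoft does not distribute updates by e-mail, the `executable-attachment` finding alone is enough reason to quarantine a message that claims to be one; the name and size checks only confirm this specific sample.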
