Virus masquerading as MS email

[MTAtech]

I got this as email today, allegedly from "Microsoft Network Security Department". In HTML it looked like a MS webpage. On the face it looks official but the sender's email (rmjpqkpmbp@confidence.microsoft.net) looked funny to me and I didn't think Microsoft emailed fixes. The attachment (install8.exe) had the Worm.Automat.AHB worm/virus.

This is the text of the message:
=======================================

Microsoft All Products | Support | Search | Microsoft.com Guide
Microsoft Home


Microsoft Consumer

this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your system. This update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility

[muno]

True, microsoft never emails fixes. They may email information to subscribed customers about fixes, but they do not email fixes.
-M

[nomaxim]

Try Here was on Reuters last night.

Looks like an old virus from like two years ago has resurfaced. ??? This one was called Swen/Gibe maybe the same ?

[MTAtech]

nomaxim, doesn't look like the same thing. What makes this dangerous is how real the email looks. It will fool many people.

[nomaxim]

Yeah, your right. ON BOTH POINTS!

NAI has nothing on this one and Symantec doesn't give a whole lot of info either.