HiWAAY: Information/Internet Services

HiWAAY's FAQs

An FAQ is a Frequently Asked Question. We have listed here the question paired with the appropriate answer. If you don't find the answer to your question, please visit our customer support page or email support@HiWAAY.net.

There are currently 249 FAQs in the database.

XYZ - The Retired FAQ Archive

Old FAQs - We've kept these older FAQs in the archive just in case someone needs the information. These archived FAQs are no longer maintained and will certainly be out-of-date and contain errors.

Question: Dumaru and Panda.B worms send out fake Microsoft security patches.

Answer:

Whenever there's a major virus event affecting Internet users, there are always people who just want to increase the amount of chaos. One of the methods has always been to create email worms that send out fake messages pretending to be from Microsoft. Note: Microsoft will never send security patches or updates via email. Any email you might receive that says it's from Microsoft and suggests you open an attached file will always be a fake message.

The current Blaster/Welchia Internet worm crisis is a prime candidate for these fake security messages and indeed two have already shown up. Both send out email that pretends to be a security announcement from Microsoft. The email includes an attached file that is supposed to be a security patch from Microsoft. The attached file is a worm. Opening it will infect your computer.

The first worm is called either W32.Pandem.B.Worm or W32.Squirm@mm. It sends out an email that looks like this:

From: support@microsoft.com
Subject: Microsoft Security Bulletin

Unchecked Buffer in Windows Explorer Could Enable System Compromise (329390)

Summary
Who should read this bulletin: Customers using Microsoft  Windows 95,98,2K,
ME,XP Impact of vulnerability: Run code of an attacker's choice

Maximum Severity Rating: Critical

Recommendation: Customers using Microsoft Windows 95,98,2K,ME,XP should 
apply the patch immediately.



The attachment will either be called patch.zip or patch_329390.exe.

You can read more about W32.Pandem.B.Worm at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.pandem.b.worm.html




The second, more common, worm is called W32.Dumaru@mm or Dumaru for short. It sends out an email that looks like this:

Date: Fri, 22 Aug 2003 21:46:46 -0500 (CDT)
From: Microsoft 
Subject: Use this patch immediately !

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

The attachment will be called patch.exe.

You can read more about W32.Dumaru@mm at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html

Both worms can be easily stopped by running up-to-date anti-virus software.
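The rule stated above (Microsoft never mails patches, so a message that claims to be from Microsoft and carries an attached file is fake) can also be written as a mail-filter check. This is an added example, not part of the original FAQ; the function names, the extensions beyond .exe and .zip, and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The FAQ names patch.zip, patch_329390.exe and patch.exe.
# The remaining extensions are an assumption added for this example.
RISKY_EXTENSIONS = (".exe", ".zip", ".scr", ".pif", ".com", ".bat")


def claims_microsoft(msg):
    """True if the From header (display name or address) mentions Microsoft."""
    return "microsoft" in str(msg.get("From", "")).lower()


def flagged_attachments(raw_bytes):
    """Return risky attachment names, but only for mail claiming to be Microsoft.

    An empty list means the message does not match the fake-patch pattern.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    if not claims_microsoft(msg):
        return []
    names = []
    for part in msg.walk():
        filename = part.get_filename()  # None for body parts and containers
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            names.append(filename)
    return names


def build_sample(sender, subject, attachment_name=None):
    """Build a constructed test message; the attachment body is placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Dear friend , use this Internet Explorer patch now!")
    if attachment_name:
        msg.add_attachment(b"constructed placeholder, not a real file",
                           maintype="application", subtype="octet-stream",
                           filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("support@microsoft.com",
                          "Microsoft Security Bulletin", "patch_329390.exe")
    print(flagged_attachments(sample))
```

The check keys on the claimed sender plus an attachment, so it does not flag an executable mailed under another name; that case still needs the up-to-date anti-virus software mentioned above.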

