Is this what causes a banned attachment (bannotify.eml) message to be sent with no attachment name? We are getting a lot of these to postmaster at a number of domains that we support.
Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) > Sent: Friday, September 19, 2003 9:49 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] New variant of Swen, or something else? > > > Has anybody else seen these yet? They too are coming through to my tech > > guy's address, but are not getting caught by F-Prot. > > What I am seeing is occasional messages where the actual exe is not > included, even though the mime reference may be there. > > Received: from tukan.internet-info.com.pl [195.216.120.130] by > mail.eservicesforyou.net with ESMTP > (SMTPD32-8.02) id A6BDAB801C2; Fri, 19 Sep 2003 05:29:49 -0700 > Received: from ezdt (egate.emp.itelligence.pl [193.111.22.16]) > by tukan.internet-info.com.pl (Postfix) with SMTP > id 0C45A2BF89; Fri, 19 Sep 2003 14:28:44 +0200 (CEST) > From: "Program Security Center" <[EMAIL PROTECTED]> > To: "MS Corporation Customer" <[EMAIL PROTECTED]> > SUBJECT: Internet Critical Update > Mime-Version: 1.0 > Content-Type: multipart/mixed; boundary="qsdziwjmrkcxn" > Message-Id: <[EMAIL PROTECTED]> > Date: Fri, 19 Sep 2003 14:28:44 +0200 (CEST) > X-Declude-Sender: [EMAIL PROTECTED] [195.216.120.130] > X-Declude-Spoolname: Df6bd0ab801c2e35c.SMD > X-RBL-Warning: Total weight: 0 > X-Tests-Failed: None > X-Note: This E-mail was sent from ([195.216.120.130]). > X-Note: This e-mail was scanned by eServices For You for Viruses and SPAM. > X-Note: To report any issues, please contact [EMAIL PROTECTED] > > --qsdziwjmrkcxn > Content-Type: multipart/related; boundary="ozaydevsgioptrcb"; > type="multipart/alternative" > > --ozaydevsgioptrcb > Content-Type: multipart/alternative; boundary="kogauxmvvlqxf" > > --kogauxmvvlqxf > Content-Type: text/plain > Content-Transfer-Encoding: quoted-printable > > Microsoft Customer > > this is the latest version of security update, the > "September 2003, Cumulative Patch" update which eliminates > all known security vulnerabilities affecting > MS Internet Explorer, MS Outlook and MS Outlook Express. > Install now to maintain the security of your computer > from these vulnerabilities, the most serious of which could > allow an attacker to run code on your computer. > This update includes the functionality = > of all previously released patches. > > System requirements: Windows 95/98/Me/2000/NT/XP > This update applies to: > - MS Internet Explorer, version 4.01 and later > - MS Outlook, version 8.00 and later > - MS Outlook Express, version 4.01 and later > > Recommendation: Customers should install the patch = > at the earliest opportunity. > How to install: Run attached file. Choose Yes on displayed dialog box. > How to use: You don't need to do anything after installing this item. > > --kogauxmvvlqxf > Content-Type: text/html > Content-Transfer-Encoding: quoted-printable > > <HTML> > <HEAD> > <style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none} > </style> > </HEAD> > > <BODY BGCOLOR=3D"White" TEXT=3D"Black"> > <BASEFONT SIZE=3D"2" face=3D"verdana,arial"> > <TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB"> > <TR height=3D"20"> > <TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2"> > <FONT FACE=3D"sans-serif" SIZE=3D"5"><I><B> > <A class=3D'navtext' HREF=3D"http://www.microsoft.com/"; > TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A> > </B></I></FONT> > </TD> > > <TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP> > <FONT color=3D"#ffffff" size=3D1> > <A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' = > target=3D"_top">All Products</A> | > <A class=3D'navtext' href=3D'http://support.microsoft.com/' = > target=3D"_top">Support</A> | > <A class=3D'navtext' href=3D'http://search.microsoft.com/' = > target=3D"_top">Search</A> | > <A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top> > Microsoft.com Guide</A> > </FONT> > </TD> > </TR> > > <TR> > <TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP> > <FONT FACE=3D"Verdana, Arial" SIZE=3D1><B> > <A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top"> > Microsoft Home</A> </B> > </FONT> > </TD> > </TR> > </TABLE> > > <IMG SRC=3D"cid:afnhuba"; BORDER=3D"0"><BR><BR> > <TABLE WIDTH=3D"600"><TR><TD><FONT SIZE=3D"2"> > Microsoft Customer<BR><BR> > this is the latest version of security update, the > "September 2003, Cumulative Patch" update which eliminates > all known security vulnerabilities affecting > MS Internet Explorer, MS Outlook and MS Outlook Express. > Install now to maintain the security of your computer > from these vulnerabilities, the most serious of which could > allow an attacker to run code on your computer. > This update includes the functionality = > of all previously released patches. > </FONT></TD></TR> > </TABLE> > > <BR><BR> > <TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600"> > <TR VALIGN=3D"TOP"> > <TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:cjtfdpb"; = > ALIGN=3D"absmiddle" BORDER=3D"0"> System requirements</B> > </FONT></TD> > <TD NOWRAP><FONT SIZE=3D"1">Windows 95/98/Me/2000/NT/XP</FONT></TD> > </TR> > > <TR VALIGN=3D"TOP"> > <TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:cjtfdpb"; = > ALIGN=3D"absmiddle" BORDER=3D"0"> This update applies to</B> > </FONT></TD><TD NOWRAP> > <FONT SIZE=3D"1"> > MS Internet Explorer, version 4.01 and later<BR> > MS Outlook, version 8.00 and later<BR> > MS Outlook Express, version 4.01 and later > </FONT> > </TD> > </TR> > > <TR VALIGN=3D"TOP"> > <TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:cjtfdpb"; = > ALIGN=3D"absmiddle" BORDER=3D"0"> Recommendation</B></FONT></TD> > <TD NOWRAP><FONT SIZE=3D"1">Customers should install the patch = > at the earliest opportunity.</FONT></TD> > </TR> > > <TR VALIGN=3D"TOP"> > <TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:cjtfdpb"; = > ALIGN=3D"absmiddle" BORDER=3D"0"> How to install</B></FONT></TD> > <TD NOWRAP><FONT SIZE=3D"1">Run attached file. = > Choose Yes on displayed dialog box.</FONT></TD> > </TR> > > <TR VALIGN=3D"TOP"> > <TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:cjtfdpb"; = > ALIGN=3D"absmiddle" BORDER=3D"0"> How to use</B></FONT></TD> > <TD NOWRAP><FONT SIZE=3D"1">You don't need to do = > anything after installing this item.</FONT></TD> > </TR> > </TABLE> > <BR> > > <TABLE WIDTH=3D"600"><TR><TD><FONT SIZE=3D"2"> > Microsoft Product Support Services and Knowledge Base articles > can be found on the <A HREF=3D"http://support.microsoft.com/"; = > TARGET=3D"_top">Microsoft Technical Support</A> web site. = > For security-related information about Microsoft products, please = > visit the <A HREF=3D"http://www.microsoft.com/security"; TARGET=3D"_top"> > Microsoft Security Advisor</A> web site, = > or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp"; = > TARGET=3D"_top">Contact Us.</A> > <BR><BR> > Thank you for using Microsoft products.<BR><BR></FONT> > <FONT SIZE=3D"1">Please do not reply to this message. = > It was sent from an unmonitored e-mail address and we are unable = > to respond to any replies.<BR></FONT> > > <HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%"> > <FONT SIZE=3D"1" COLOR=3D"Gray">The names of the actual companies and = > products mentioned herein are the trademarks = > of their respective owners.</FONT> > </TD></TR></TABLE> > > <BR> > <TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB"> > <TR VALIGN=3D"TOP"> > <TD WIDTH=3D"5"></TD> > <TD> > <FONT COLOR=3D"#FFFFFF" SIZE=3D"1"><B> > <A class=3D'navtext' HREF=3D"http://www.microsoft.com/= > contactus/contactus.asp" TARGET=3D"_top">Contact Us</A> > | > <A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/"; = > TARGET=3D"_top">Legal</A> > | > <A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605"; = > TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A> > </FONT></B> > </TD> > </TR> > > <TR VALIGN=3D"MIDDLE"> > <TD WIDTH=3D"5"></TD> > <TD> > <FONT COLOR=3D"#FFFFFF" SIZE=3D"1"> > ©2003 Microsoft Corporation. All rights reserved. > <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= > info/cpyright.htm" TARGET=3D"_top">Terms of Use</A> > | > <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= > info/privacy.htm" TARGET=3D"_top"> > Privacy Statement</A> | > <A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/= > enable/" TARGET=3D"_top">Accessibility</A> > </FONT> > </TD> > </TR> > > </TABLE> > </BODY> > </HTML> > > --kogauxmvvlqxf-- > > --ozaydevsgioptrcb > Content-Type: image/gif > Content-Transfer-Encoding: base64 > Content-ID: <afnhuba> > > R0lGODlhaAA7APcAAP///+rp6puSp6GZrDUjUUc6Zn53mFJMdbGvvVtXh2xre8bF1x8cU4yL pr > Oy > .. > BxcFCjgwgQSJCQcWCggIADs= > > --ozaydevsgioptrcb-- > > --qsdziwjmrkcxn > Content-Type: application/x-msdownload; name="Pack213.exe" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment > > > > --qsdziwjmrkcxn-- > > > John Tolmachoff MCSE CSSA > Engineer/Consultant > eServices For You > www.eservicesforyou.com > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus > (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
