Virus in a Microsoft Security Critical Update??

  Lemur 10:39 26 Sep 2003

Yesterday, I received the following e.mail message. I could not understand what was going on, so I replied as immediately below. Unfortunately, my response delivery failed. I then tried to e.mail MS update service, but was unable to find an e.mail address. I am now even more confused! OH for a human voice.

I have installed all Microsoft patches, and am up to date on them so, does this mean that I have downloaded the funlove Virus? And/or, what is lurking in that attachment? My Norton Anti-Virus Full system report is clean.

Any help or ideas please?


"I am confused!

Please provide evidence that you are truly from Microsoft, AND that it is safe for me to open your attachment.

Thank you,


----- Original Message -----
From: "MS Network Security Division" [email protected]>
To: "MS Client" [email protected]>
Sent: Thursday, September 25, 2003 11:00 PM
Subject: Current Microsoft Critical Pack

> This message has been processed by BTopenworld Email Protection Service
powered by Brightmail(TM) Anti-Virus using
> Symantec's Norton AntiVirus Technology.
> The file Update58.exe attached to this message was found to contain the
malicious virus W32.FunLove.4099 and has been removed by BT Openworld Email
Protection Service powered by Symantec.
> For more information on anti-virus tips and technology, visit
> click here ."

  MAJ 10:49 26 Sep 2003

It's a virus don't open it, Microsoft do not email updates.

  Forum Editor 10:51 26 Sep 2003

you'll never get a response from a Microsoft email - even if you are one of those people who get emails from them.

Most people will never receive a Microsoft email - they don't send them as a matter of course, and this one contains a virus. Fortunately, the BT OpenWorld virus scanner picked it up, so you'll be OK.

Delete the mail, and carry on as normal, but if you ever receive another email purporting to come from Microsoft it will be a hoax or a virus - delete it immediately.

  Lemur 11:36 26 Sep 2003

Thank you MAJ and Forum Editor.

Forum Editor:

A couple of questions come to mind:

1) The original message presumably came from: [email protected] and that the person/people at that address presumably also put the virus into the message. Can those responsible not be traced through that address? I can presumably be traced through my ISP., by anybody with the right authority!

2) Is there any way that I can block e.mails either from, or purporting to be from Microsoft?


  vaughan007 13:13 26 Sep 2003

1. Yes you can be traced through your ISP. However, when you receive emails like that one the email address that it appears to come from is usually a fake and sometimes just some innocent person who has no idea that they're email address has appeared on such an email. Spammers and virus creators use various little tricks to do this. Thats why when you reply to them the email gets bounced.

2. It depends what email software you use. A lot of email packages enable you to block specific addresses and a lot also enable you to block emails that contain certain words. However, the problem with this is that if you get emails that are not spam or a virus it will also block these. Best way is to just delete any email that seems odd. Also, only ever open attachments that you were expecting. If you get an attachment from a friend that you did not expect, ask them if they meant to send it. Always use your up-2-date virus scanner to scan attachment before running them.

  Lemur 17:08 26 Sep 2003

Thanks vaughan007 for your kind and valued help which has helped me to see the situation more clearly. Regards.

  IClaudio 17:32 26 Sep 2003

>>you'll never get a response from a Microsoft email - Most people will never receive a Microsoft email<<

In the early days of my XP XPerience, I suffered a couple of crashes, and elected to send the report to Microsoft. I assumed I'd never hear anything, but back came an e-mail from Microsoft Support offering some very good advice which got me out of the hole I'd dug. It was purportedly from a human with a real name. I didn't believe this (it was on a Sunday, after all) and replied rather sarcastically to what I thought must be an Automated Response... but no, it turned out to be a real-live person. As I said, they were very helpful and supportive, so Microsoft isn't all bad!

But you're correct of course, Critical Updates will never be sent as an attachment...

  Gaz 25 17:37 26 Sep 2003

click here

It is the Gibe.C or Swen.A worm....

It hides into an e-mail from MS, but isnt really from MS.

UPDATES ARE NEVER sent via e-mail from microsoft, always use: click here

THE virus will run and execute on a system even if you do not open an attachment if it is not patched.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Sea of Thieves Review

Dell Canvas review: the cheap Wacom Cintiq alternative

How to use iMovie for Mac, tips and more

Comment filmer l’écran d’un iPhone ?