Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > VIRUS ATTACHMENTS LAUNCHING AUTOMATICALLY

Reply
Thread Tools

VIRUS ATTACHMENTS LAUNCHING AUTOMATICALLY

 
 
joe
Guest
Posts: n/a
 
      01-30-2004

First one to get it right.....congrats....

Cheers,
'Joe' - (MD version of Northern VA 'Bob')

FromTheRafters wrote:

> <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > Can anyone explain how virus attachments are able to launch
> > automatically in Outlook Express v 5 ?

>
> Yes, it has to do with the fact that the filetype that is indicated in
> the MIME "Content-Type" field does not match the actual filetype
> of the content and the fact that the MIME type info from that
> "Content-Type" field is used by the MIME decoding software
> to determine that it is safe to go ahead and use the content. The
> other problem is that the actual filetype is what the OS uses to
> determine how to treat the file (i.e. it executes it rather than sending
> it to the appropriate, in this case audio, application as it would if it
> really were a "wave" file).
>
> Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
>
> ...or something like that.
>
> You could use a search engine to look for "IFrame exploit"
> (it is a misnomer, but should get some hits anyway). More
> correctly you could search for "Incorrect MIME Type exploit"
> which I believe is the correct name for the exploit. There should
> be some good explanations of how it works if that is what you
> are interested in.


 
Reply With Quote
 
 
 
 
Ben Measures
Guest
Posts: n/a
 
      01-30-2004
Glenn Jarvis wrote:
> http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
>
>> Can anyone explain how virus attachments are able to launch
>> automatically in Outlook Express v 5 ?
>> i dont have to double click the message - simply previewing it is
>> enough for the attachment to launch.
>> my virus software picks it up OK.
>> I am using OE 5 on a test machine.
>>
>> the message source looks like this
>>

> Unfortunately, about 6 months ago , I was using OE5 on dialup and
> encountered one of these. At the time AVG was running and set to
> interface with OE. It didn't pick up on it and I had the preview pane
> off. The sucker within 10 seconds infected my entire network of 4 boxes,
> with o/s on each ranging from dos6.22 to Win95.
> HTH
> Glenn


LOL, you're having a laugh! Tut, tut.

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

 
Reply With Quote
 
 
 
 
Ben Measures
Guest
Posts: n/a
 
      01-30-2004
Heather wrote:
> Outlook Express can be quite safe IF you make sure it is updated and/or
> patched.


Then how comes OE/IE keep needing new patches?

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

 
Reply With Quote
 
sam1967@hetnet.nl
Guest
Posts: n/a
 
      01-30-2004
On Thu, 29 Jan 2004 21:01:44 +0000 (UTC), "Alan P"
<alan@(nojunkplease)alancode.net> wrote:

>Reason it did so, because mime type set to wav
>Browser thinks it's a music file, and tries to play it
>Best way is justb turn off HTML formatting
>

How do you turn off HTML formatting in OE 5 ?
I have looked and cant see the setting.
PS
I am doing this because many people are still using OE 5 and I have to
help them.


 
Reply With Quote
 
Roy Coorne
Guest
Posts: n/a
 
      01-30-2004
(E-Mail Removed) wrote:


> How do you turn off HTML formatting in OE 5 ?


OE > Tools > Options > Read ...

Roy
 
Reply With Quote
 
Pebble
Guest
Posts: n/a
 
      01-30-2004
Pardon my ignorance, but are you talking about 'format background sound/colour, is that how a virus is executed without an attachment being opened (midi, wav)? Any attachments that I receive, never open automatically, wave included. Of course, I don't use the preview pane.
--
* * Pebble in Boulder * *
OE 5.00.2615.200

FromTheRafters <!(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
>
> <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > Can anyone explain how virus attachments are able to launch
> > automatically in Outlook Express v 5 ?

>
> Yes, it has to do with the fact that the filetype that is indicated in
> the MIME "Content-Type" field does not match the actual filetype
> of the content and the fact that the MIME type info from that
> "Content-Type" field is used by the MIME decoding software
> to determine that it is safe to go ahead and use the content. The
> other problem is that the actual filetype is what the OS uses to
> determine how to treat the file (i.e. it executes it rather than sending
> it to the appropriate, in this case audio, application as it would if it
> really were a "wave" file).
>
> Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
>
> ...or something like that.
>
> You could use a search engine to look for "IFrame exploit"
> (it is a misnomer, but should get some hits anyway). More
> correctly you could search for "Incorrect MIME Type exploit"
> which I believe is the correct name for the exploit. There should
> be some good explanations of how it works if that is what you
> are interested in.
>
>


 
Reply With Quote
 
Mimic
Guest
Posts: n/a
 
      01-30-2004
"Ben Measures" <(E-Mail Removed)> wrote in message
news:EOlSb.1418$(E-Mail Removed)...
> Heather wrote:
> > Outlook Express can be quite safe IF you make sure it is updated and/or
> > patched.

>
> Then how comes OE/IE keep needing new patches?
>
> --
> Ben M.
>
> ----------------


same reason everything else does

--
Mimic

ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
"Without knowledge you have fear. With fear you create your own nightmares."
"There are 10 types of people in the world. Those that understand Binary,
and those that dont."
"He who controls Google, controls the world".



 
Reply With Quote
 
FromTheRafters
Guest
Posts: n/a
 
      01-30-2004

<(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> On Thu, 29 Jan 2004 21:01:44 +0000 (UTC), "Alan P"
> <alan@(nojunkplease)alancode.net> wrote:
>
> >Reason it did so, because mime type set to wav
> >Browser thinks it's a music file, and tries to play it
> >Best way is justb turn off HTML formatting
> >

> How do you turn off HTML formatting in OE 5 ?
> I have looked and cant see the setting.
> PS
> I am doing this because many people are still using OE 5 and I have to
> help them.


Help them to upgrade. There is no "setting" for versions previous
to OE 6.00.2800 for reading in text mode only. I use OE 8.00.2600
(which doesn't have that option) to read newsgroups, but I have
other settings set fairly securely.


 
Reply With Quote
 
FromTheRafters
Guest
Posts: n/a
 
      01-31-2004

"FromTheRafters" <!(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
>
> <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> > On Thu, 29 Jan 2004 21:01:44 +0000 (UTC), "Alan P"
> > <alan@(nojunkplease)alancode.net> wrote:
> >
> > >Reason it did so, because mime type set to wav
> > >Browser thinks it's a music file, and tries to play it
> > >Best way is justb turn off HTML formatting
> > >

> > How do you turn off HTML formatting in OE 5 ?
> > I have looked and cant see the setting.
> > PS
> > I am doing this because many people are still using OE 5 and I have to
> > help them.

>
> Help them to upgrade. There is no "setting" for versions previous
> to OE 6.00.2800 for reading in text mode only. I use OE 8.00.2600
> (which doesn't have that option) to read newsgroups, but I have
> other settings set fairly securely.


OE 8 - wow (sorry, I meant OE 6).
OE 8 will probably be a "trusted" app.


 
Reply With Quote
 
FromTheRafters
Guest
Posts: n/a
 
      01-31-2004

"Pebble" <(E-Mail Removed)> wrote in message news:ErtSb.35978$(E-Mail Removed)...
> Pardon my ignorance, but are you talking about 'format background sound/colour,


No.

> is that how a virus is executed without an attachment being opened (midi, wav)?


No, not all MIME types were mishandled. audio/x-wav and audio/x-midi
are two of the ones that were I think (at least those are the ones most
used by the worms I have seen). When I use background sound, I get the
audio/wav (not audio/x-wav).

> Any attachments that I receive, never open automatically, wave included.


That is good, how did you accomplish this? Text only e-mail?

> Of course, I don't use the preview pane.


I do. The preview pane opens the e-mail automatically ~ not the
attachment. It is no worse than any other method of opening the
e-mail, the problem is that the user isn't aware that the e-mail is
being automatically opened. I like the preview pane and will
continue to use it ~ albeit, carefully.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Differentiating file attachments from inline attachments in Exchange Peter Green Python 0 11-05-2009 04:13 PM
mail.Attachments (Multiple Attachments) from Querystring codewarrior ASP .Net 0 05-04-2009 07:19 PM
attachments unable to read attachments from email bub.mk Computer Support 1 09-29-2004 02:29 AM
Virus, Virus, Virus..... Phil B Computer Support 2 09-22-2003 05:02 PM



Advertisments