| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Apr 2004 12:26:47 -0500 From: BugtraQ <bugtraqFolder@...services.com> To: "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com> Subject: Netsky.R, auto execute w/ IE6 ? Hello all, If this is something obvious that I have overlooked I apologize in advance.... I have received several emails (W2K, Outlook 2000) that appear to be Netsky.Q or Netsky.R. When opened these emails launch the attachment automatically. In my case, the .pif file has already been removed by my email server, so the text file that has replaced the virus carrying .pif is launched by notepad. Still, this is rather disturbing to me, since AFAIK this is not supposed to happen. According to this: http://www.f-secure.com/v-descs/netsky_q.shtml Netsky uses an old IE / Outlook MIME type vulnerability to auto launch the executable: http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx This vulnerability, according to the article, only affects IE5, whereas I am using IE6 SP1 + patches. Just to be sure, I did a windows update for all the latest security patches. Even after this, Outlook still opens the attached file on viewing the email. Is this new or have I missed something? I can post the message source if anyone is interested. Thanks, Mike Sassaman
Powered by blists - more mailing lists