lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7FD2F95D5721174389F954C1BDC86739815186@altair.stcservices.com>
Date: Fri, 2 Apr 2004 12:26:47 -0500
From: BugtraQ <bugtraqFolder@...services.com>
To: "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com>
Subject: Netsky.R, auto execute w/ IE6 ?



Hello all,

If this is something obvious that I have overlooked I apologize in
advance....

I have received several emails (W2K, Outlook 2000) that appear to be
Netsky.Q or Netsky.R.  When opened these emails launch the attachment
automatically.   In my case, the .pif file has already been removed by my
email server, so the text file that has replaced the virus carrying .pif is
launched by notepad.

Still, this is rather disturbing to me, since AFAIK this is not supposed to
happen.

According to this:
http://www.f-secure.com/v-descs/netsky_q.shtml

Netsky uses an old IE / Outlook MIME type vulnerability to auto launch the
executable:
http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx

This vulnerability, according to the article, only affects IE5, whereas I am
using IE6 SP1 + patches.

Just to be sure, I did a windows update for all the latest security patches.
Even after this, Outlook still opens the attached file on viewing the email.

Is this new or have I missed something?  I can post the message source if
anyone is interested.

Thanks,
Mike Sassaman




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ