[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7FD2F95D5721174389F954C1BDC86739815186@altair.stcservices.com>
Date: Fri, 2 Apr 2004 12:26:47 -0500
From: BugtraQ <bugtraqFolder@...services.com>
To: "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com>
Subject: Netsky.R, auto execute w/ IE6 ?
Hello all,
If this is something obvious that I have overlooked I apologize in
advance....
I have received several emails (W2K, Outlook 2000) that appear to be
Netsky.Q or Netsky.R. When opened these emails launch the attachment
automatically. In my case, the .pif file has already been removed by my
email server, so the text file that has replaced the virus carrying .pif is
launched by notepad.
Still, this is rather disturbing to me, since AFAIK this is not supposed to
happen.
According to this:
http://www.f-secure.com/v-descs/netsky_q.shtml
Netsky uses an old IE / Outlook MIME type vulnerability to auto launch the
executable:
http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx
This vulnerability, according to the article, only affects IE5, whereas I am
using IE6 SP1 + patches.
Just to be sure, I did a windows update for all the latest security patches.
Even after this, Outlook still opens the attached file on viewing the email.
Is this new or have I missed something? I can post the message source if
anyone is interested.
Thanks,
Mike Sassaman
Powered by blists - more mailing lists