HP3000-L Archives

May 2000, Week 4

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Suspected hacker attack - Can anyone advise?
From:
bill grefe <[log in to unmask]>
Reply To:
bill grefe <[log in to unmask]>
Date:
Mon, 22 May 2000 13:42:25 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (83 lines) 
A possible explanation from a newsletter I recently received

* Some email viruses spreading WITHOUT opening attachment

I could not trace who sent me this, but it's a nasty one that I received
last week, so I thought I'd make you aware of it.  Systems running Internet
Explorer (IE) version 5.0 and/or MS Office 2000 are vulnerable to some virus
attacks using most email systems, even if the email recipient opens no
attachments.
You don't even have to use IE; just have it installed with the default
security settings.  If you have not closed the hole, you can receive viruses
(and spread them) by viewing or previewing malicious email without opening
any attachment, or by visiting a malicious web site. The problem is caused
by a programming bug in an Internet Explorer ActiveX control called
scriptlet.typelib.
This is by far the fastest growing virus distribution problem and ripe for a
hugely destructive event - at least as large as the ILOVEYOU virus.
Updating your virus detection software, while important, is not an effective
solution for this problem.  You must also close the hole.  The hole can be
closed in five minutes or less using tools available at Microsoft's security
site: http://www.microsoft.com/security/bulletins/ms99-032.asp The
correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick FitzGerald
of Computer Virus Consulting Ltd. for raising the visibility of this
dangerous problem.

Bill Grefe
[log in to unmask]

-----Original Message-----
From:   HP-3000 Systems Discussion [mailto:[log in to unmask]] On Behalf
Of Jim McCoy
Sent:   Monday, May 22, 2000 1:32 PM
To:     [log in to unmask]
Subject:        Re: Suspected hacker attack - Can anyone advise?

I did not open this file.
The script ran from the preview pane as soon as it displayed.

I always look at addresses, subject lines and scan attachments before
opening any
email.  I don't know yet how this executed.

Jim Mc Coy
----- Original Message -----
From: David Burney <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, May 22, 2000 1:25 PM
Subject: Re: Suspected hacker attack - Can anyone advise?


> On Monday, May 22, 2000 1:18 PM, Jim McCoy  wrote:
> : In my email this morning, I found a suspicious email which I had enough
> : sense not to open.  Bit I was still outsmarted by it.
> :
> : It was from an odd/unidentifiable email address with a subject of "How
are
> : you?".  There was no attachment.  I had the Preview pane in Outlook
activated
> and
> : the  message was blank.
> :
> : Apparently a script was able to activate that launched MSIE and linked
to a
> : foreign web site.
>
> <snip>
>
> Jim, just to clarify. Are you saying that you didn't actually open the
> message itself, yet the preview pane of Outlook, in a sense, did ?
> Therefore activating the aforementioned script ?
>
> -------------------------------------------------------------------------
> David Burney                    mailto:[log in to unmask]
> Summit Racing Equipment        http://www.summitracing.com
>                         -----------
>                                 Wu Wei
>                         -----------
>       All opinions expressed herein are my own and reflect,
>                   in no way, those of my employer.
>

ATOM RSS1 RSS2