HP3000-L Archives

December 1999, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
WARNING: Re: Check This
From:
Glenn Cole <[log in to unmask]>
Reply To:
Glenn Cole <[log in to unmask]>
Date:
Sat, 11 Dec 1999 08:18:58 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (37 lines) 
Wirt writes:

> I've simply made it policy here that no one opens any file that has any form
> of extension other than .txt or .jpg, .gif, etc. I know of no way that these
> sorts of files can do you any possible harm, but opening an .exe, .vbs, etc.
> (or even a .doc) file from someone you don't know is just plain foolish
> nowadays.

Unfortunately, there are two things here which do not go far enough.

The more obvious one involves opening an exe, etc., from "someone you
don't know."  Of course, that's how the Melissa virus/worm spread so fast;
people opened the attachment because it was from someone they knew.

Unfortunately, the .jpg policy doesn't go far enough either.  NEWS.COM
reported last month of Yet Another Vulnerability of Lookout (er, Outlook)
Express:

   The new vulnerability works through a series of disguises, Levy said. First,
   the malicious program is converted into a Microsoft archive format called a
   "cab" file. Then, the cab file is renamed with an extension of a file type
   that Outlook isn't concerned with (such as "jpg," "mov," or "txt"), then
   emailed as an attachment.

   When the victim clicks on the attachment, the cab file is decompressed and
   its contents saved to a specific location. The last stage occurs when a
   Javascript program in the email then can execute the potentially malicious
   program that was contained in the cab file.

The full story is at

   < http://news.cnet.com/news/0-1003-200-1432242.html >

FWIW.

--Glenn

ATOM RSS1 RSS2