Author: John (EBo) David Date: Subject: M$ vulnerability question
Craig White wrote: >
> It's not a question of whether you would cause the executable to run by
> double clicking - it's a question of just merely 'previewing' the email
> would cause it to run. Microsoft built 'auto executing' (VBA) into all
> of their programs and that includes Outlook & Outlook Express which
> makes them especially vulnerable to email borne executables. Thus you
> don't have to be dumb enough to double click the file called Anna
> Kournikova.jpg.exe to infect your computer - just touching the email and
> clicking delete is enough to infect.
understand.
> This is indeed a security bulletin where the fix has been available for
> over a month and thus legit.
>
> It should be noted that it's not just emails but there is some malicious
> code embedded on web pages that can get you too...I believe that
> everyone is supposed to be at Mozilla .97 or higher (a keen eye towards
> Hans' earlier post).
yep...
> PS - it's the people you know and trust who are the most likely to send
> you an email borne virus - the first thing these MS targeted virus'
> attack is the addressbook.
true, but what I mean by trusted email attachments is I usually CALL to
confirm personally, and there are only two people I know that ever send
me attachments, so it can still happen but...
%20David%22%20<plug-discuss@lists.plug.phoenix.az.us>&Body=On%202002-03-14%2001:46,%20John%20(EBo)%20David%20wrote:%0A>%20Craig%20White%20wrote:%0A>%20>%20%0A>%20>%20It's%20not%20a%20question%20of%20whether%20you%20would%20cause%20the%20executable%20to%20run%20by%0A>%20>%20double%20clicking%20-%20it's%20a%20question%20of%20just%20merely%20'previewing'%20the%20email%0A>%20>%20would%20cause%20it%20to%20run.%20Microsoft%20built%20'auto%20executing'%20(VBA)%20into%20all%0A>%20>%20of%20their%20programs%20and%20that%20includes%20Outlook%20&%20Outlook%20Express%20which%0A>%20>%20makes%20them%20especially%20vulnerable%20to%20email%20borne%20executables.%20Thus%20you%0A>%20>%20don't%20have%20to%20be%20dumb%20enough%20to%20double%20click%20the%20file%20called%20Anna%0A>%20>%20Kournikova.jpg.exe%20to%20infect%20your%20computer%20-%20just%20touching%20the%20email%20and%0A>%20>%20clicking%20delete%20is%20enough%20to%20infect.%0A>%20%0A>%20understand.%0A>%20%0A>%20>%20This%20is%20indeed%20a%20security%20bulletin%20where%20the%20fix%20has%20been%20available%20for%0A>%20>%20over%20a%20month%20and%20thus%20legit.%0A>%20>%20%0A>%20>%20It%20should%20be%20noted%20that%20it's%20not%20just%20emails%20but%20there%20is%20some%20malicious%0A>%20>%20code%20embedded%20on%20web%20pages%20that%20can%20get%20you%20too...I%20believe%20that%0A>%20>%20everyone%20is%20supposed%20to%20be%20at%20Mozilla%20.97%20or%20higher%20(a%20keen%20eye%20towards%0A>%20>%20Hans'%20earlier%20post).%0A>%20%0A>%20yep...%0A>%20%0A>%20>%20PS%20-%20it's%20the%20people%20you%20know%20and%20trust%20who%20are%20the%20most%20likely%20to%20send%0A>%20>%20you%20an%20email%20borne%20virus%20-%20the%20first%20thing%20these%20MS%20targeted%20virus'%0A>%20>%20attack%20is%20the%20addressbook.%0A>%20%0A>%20true,%20but%20what%20I%20mean%20by%20trusted%20email%20attachments%20is%20I%20usually%20CALL%20to%0A>%20confirm%20personally,%20and%20there%20are%20only%20two%20people%20I%20know%20that%20ever%20send%0A>%20me%20attachments,%20so%20it%20can%20still%20happen%20but...%0A>%20%0A>%20%20%20EBo%20--%0A>%20%0A>%20 "Reply to this message")
(text/plain)