[iwar] Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT.


From: Robert W. Miller
To: , ,
From: snooker@iex.net
To: htcc@onelist.com,

Wed, 10 May 2000 14:06:11 -0600


fc  Wed May 10 13:19:16 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Wed, 10 May 2000 13:19:16 -0700 (PDT)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Wed May 10 20:19:09 2000)
X-From_: sentto-279987-338-fc=all.net@returns.onelist.com  Wed May 10 15:18:36 2000
Received: from hn.egroups.com (hn.egroups.com [208.50.144.84]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id PAA24767 for ; Wed, 10 May 2000 15:18:36 -0500
X-eGroups-Return: sentto-279987-338-fc=all.net@returns.onelist.com
Received: from [10.1.10.38] by hn.egroups.com with NNFMP; 10 May 2000 20:18:39 -0000
Received: (qmail 18476 invoked from network); 10 May 2000 20:18:32 -0000
Received: from unknown (10.1.10.26) by m4.onelist.org with QMQP; 10 May 2000 20:18:32 -0000
Received: from unknown (HELO mail.iex.net) (192.156.196.5) by mta1 with SMTP; 10 May 2000 20:18:31 -0000
Received: from oemcomputer (p4-s8.cos1-ras.iex.net [209.151.65.100]) by mail.iex.net (8.9.1/8.9.1) with SMTP id NAA11993; Wed, 10 May 2000 13:56:06 -0600 (MDT)
To: , , ,
        "Cfid List Member" 
Message-ID: 
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
From: "Robert W. Miller" 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Wed, 10 May 2000 14:06:11 -0600
Reply-To: iwar@egroups.com
Subject: [iwar] Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT.
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hopefully everybody reads the SANS NewsBites, subscribe at:
http://www.sans.org/sansnews.. For those that don't, or those who
missed this article, this is a must for those running Windows.
Bob Miller

-- 10 May 2000

Personal computers running Internet Explorer (IE) version 5.0 and/or
Microsoft Office 2000 are vulnerable to virus attacks using most email
systems, even if the email recipient opens no attachments.  You don't
even have to use IE; just have it installed with the default security
settings.  If you have not closed the hole, you can receive viruses
(and spread them) by viewing or previewing malicious email without
opening any attachment, or by visiting a malicious web site. The
problem is caused by a programming bug in an Internet Explorer ActiveX
control called scriptlet.typelib.  This is by far the fastest growing
virus distribution problem and ripe for a hugely destructive event - at
least as large as the ILOVEYOU virus.  Updating your virus detection
software, while important, is not an effective solution for this
problem. You must also close the hole.  The hole can be closed in five
minutes or less using tools available at Microsoft's security site:
http://www.microsoft.com/security/bulletins/ms99-032.asp
The correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm
Editor's Note: Thanks to Jimmy Kuo of Network Associates and Nick
FitzGerald of Computer Virus Consulting Ltd. for raising the
visibility of this dangerous problem.


Det. Robert W. Miller
Colorado Internet Crimes Against
Children Task Force
Pueblo High Tech. Crime Unit
Pueblo County Sheriff's Office
320 S. Joe Martinez Blvd.
Pueblo West, CO. 81007
Tel (719)583-4736
FAX (719)583-4732
mailto:snooker@iex.net
mailto:cicactf@iex.net
http://www.co.pueblo.co.us/sheriff/
PGP key available at: http://pgpkeys.mit.edu:11371/
search on snooker@iex.net



------------------
http://all.net/
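
A mail-gateway check for the condition the advisory describes, as an added example that is not part of the original post or of Microsoft's fix: it flags HTML body parts that name the scriptlet.typelib control, decoding each part first because a search of the raw message misses base64 bodies. Treating any mention of the ProgID in an HTML part as suspect is an assumption of this example, the function names are hypothetical, and the sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
import html
import re

# ProgID of the control named in the advisory. Treating any mention of it in
# an HTML part as suspect is this example's assumption, not a vendor rule.
PROGID = re.compile(r"scriptlet\.typelib", re.IGNORECASE)


def decoded_text(part) -> str:
    """Undo the transfer encoding (base64, quoted-printable) and charset."""
    data = part.get_payload(decode=True) or b""
    try:
        return data.decode(part.get_content_charset() or "latin-1", "replace")
    except LookupError:  # unknown charset label: fall back, never skip the part
        return data.decode("latin-1")


def html_parts_naming_control(raw: bytes) -> list:
    """Label every text/html part whose decoded body names the control."""
    hits = []
    parsed = message_from_bytes(raw, policy=policy.default)
    for index, part in enumerate(parsed.walk()):
        if part.get_content_type() != "text/html":
            continue  # plain-text parts are displayed, not rendered
        # unescape() also catches entity-encoded spellings in attributes
        if PROGID.search(html.unescape(decoded_text(part))):
            cte = part.get("Content-Transfer-Encoding", "7bit")
            hits.append(f"part {index} ({cte})")
    return hits


def build_sample(plain: str, html_body: str = None, cte: str = "7bit") -> bytes:
    """Construct a sample message (test data only, not a captured mail)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(plain)
    if html_body is not None:
        msg.add_alternative(html_body, subtype="html", cte=cte)
    return msg.as_bytes()


# Constructed inputs: an HTML part that only mentions the ProgID, and a
# plain-text advisory like this post, which should not be flagged.
SUSPECT = build_sample("see HTML", "<script>/* Scriptlet.TypeLib */</script>", "base64")
ADVISORY = build_sample("The bug is in scriptlet.typelib; apply MS99-032.")
```

A hit here is a reason to quarantine and inspect the message, not proof of infection; the fix the post points to is still the MS99-032 correction.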