Daniel Stenberg wrote:

> Those mails
> were sent by a malicious person or software impersonating me.

That's... really twisted.

> You *NEVER* run just click on the attachments people mail you anyway, right?

I'd like to note at this point that this virus is a little cleverer than that.
It is the first Outlook worm I know of which *doesn't* require the user to click
on an attachment. As a matter of fact, it's not even an attachment -- it's the
second half of a multi-part MIME message, which is referenced as a background
sound from an HTML portion in the first half. A darned good idea, actually, and
exploits the bug in IE (yeah, it's all IE, essentially) that the MIME type of a
file is ignored if the extension can be mapped (as the file itself is readme.exe,
which -- if handled as an audio encoding -- would be harmless.)

A good attack, all-around, especially combined with its power to jump between
email and CodeRed-type IIS attacks.

And *still* the press has yet to note that only Microsoft users are affected
(except by the nearly DoS-level scanning that the IIS vector does.)

> I'm sorry for this. No, I can't explain how my address ended up there. :-(

Has anyone sent you an actual copy with headers?

Michael
Received on 2001-09-19