curl-users
Re: Administrativa: virus wave again
Date: Wed, 19 Sep 2001 02:14:14 -0500
Daniel Stenberg wrote:
> Those mails
> were sent by a malicious person or software impersonating me.
That's... really twisted.
> You *NEVER* run just click on the attachments people mail you anyway, right?
I'd like to note at this point that this virus is a little cleverer than that.
It is the first Outlook worm I know of which *doesn't* require the user to click
on an attachment. As a matter of fact, it's not even an attachment -- it's the
second half of a multi-part MIME message, which is referenced as a background
sound from an HTML portion in the first half. A darned good idea, actually, and
exploits the bug in IE (yeah, it's all IE, essentially) that the MIME type of a
file is ignored if the extension can be mapped (as the file itself is readme.exe,
which -- if handled as an audio encoding -- would be harmless.)
A good attack, all-around, especially combined with its power to jump between
email and CodeRed-type IIS attacks.
And *still* the press has yet to note that only Microsoft users are affected
(except by the nearly DoS-level scanning that the IIS vector does.)
> I'm sorry for this. No, I can't explain how my address ended up there. :-(
Has anyone sent you an actual copy with headers?
Michael
Received on 2001-09-19