Interesting People mailing list archives
IP: WAS AN OLD VIRUS BUT STILL ACTIVE virus alert
From: David Farber <dave () farber net>
Date: Thu, 13 Dec 2001 18:34:44 -0500
X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 13 Dec 2001 16:30:18 -0700 To: farber () cis upenn edu, ip-sub-1 () majordomo pobox com From: Brett Glass <brett () lariat org> Subject: Re: IP: virus alert At 04:15 PM 12/13/2001, Georgi Kostov wrote: >There is a virus circulating around. It can be activated by using >Internet Explorer and going to specially designed web pages that make you >think you are downloading a sound/etc. file (see announcement below.) >Or, it can come as a mail attachment _disguised_ as a multimedia file, but >is actually an executable, like the one mentioned in the Internet Explorer >advisory. I just got the latter kind. The attachment pretended to be of >MIME type Audio/X-WAV, but when saved (and many e-mail clients save >automagically) it may be called Sorry_about_yesterday.MP3.pif, which is >what I just got, and is an executable under Windows. Dave: I am afraid that this is old news. The Badtrans.A worm, which uses this technique, has been circulating for quite awhile now, and is only one of several that do. The primary danger of this type of worm is that users of Outlook and Outlook Express need not launch an attachment to be infected. Due to serious defects in Microsoft's mail and Web browsing software, the worm is activated as soon as the incoming message is PREVIEWED. In any other industry, such a serious defect would merit a recall, but Microsoft has made only token efforts to inform users of these vulnerabilities and therefore most users are still susceptible. For more information about Badtrans.A in particular, see the write-up I did at http://www.extremetech.com/article/0,3396,s%253D25124%2526a%253D19248,00.asp#story6 (Apologies for the long URL; it may need to be pasted back together.) --Brett Glass
For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: WAS AN OLD VIRUS BUT STILL ACTIVE virus alert David Farber (Dec 13)