Actually, html enabled mail clients are absolutely the virus writer's best
friend. Outlook, GW, Eudora, et cetera that are able to display inline
(online) html web content can contain all sorts of nifty things.
If you have an email client that is able to display a page sent via email,
either as a link, or as content, then the code (java, perl, cgi links etc)
can be embedded.
Having a "preview" mode only makes it worse. Suppose you have preview, and
a linked page with some nasty back-end java or ActiveX is in there? As the
client OPENS the message to allow a preview, the damage is already done (if
damage is there to do). The origins of this are found in ANSI bombs that
stuffed the keyboard buffer, re-wrote code (via debug), and various other
nefarious schemes.
The better email enabled antivirus packages only protect from what they know
about, or stop malicious actions from coming from that source they are
firewalling.
Best course of action is to not preview, know exactly who sends you mail,
and to have a dead drop at one of the free webmail sites. And always have a
virus checker that can do heuristic and predictive scanning.
Just my .02 worth.
----- Original Message -----
From: "Gascoigne, Andy" <Andy.Gascoigne@gov.ky>
To: "'Bowen, Patrick A RP2'" <PABowen@sar.med.navy.mil>;
<spitfires@autox.team.net>
Sent: Friday, May 05, 2000 9:19 AM
Subject: RE: Virus warning - EXTREMELY DANGEROUS VIRUS
>
> If the e-mail client is able (and enabled) to show web-like content (ie
> html) then it is possible for the body of the e-mail to contain a virus,
> within the e-mail itself, or in a java applet or anything else attached to
> the e-mail.
>
> The safest option is to never open anything you're even half unsure about.
> These "Melissa" style viruses make things a bit more difficult, as they
are
> sent from someone you know. Ergo if my mum gets an e-mail from me entitles
> "ILOVEYOU" she'll probably open it (after thinking I've gone a bit soft in
> the head).
>
> There is further speculation that denial of service attacks can be caused
by
> opposing companies/governments etc, in order to shut down or cause aggro,
to
> the competition. Surely not?
>
> Andy
>
> -----Original Message-----
> From: Bowen, Patrick A RP2 [mailto:PABowen@sar.med.navy.mil]
> Sent: Friday, May 05, 2000 10:29 AM
> To: 'spitfires@autox.team.net'
> Subject: FW: Virus warning - EXTREMELY DANGEROUS VIRUS
>
>
>
>
>
>
> Actually Dave, until about 4 months or so ago that was true. Not that I
am
> an authority but there was a company I read about that had created a
program
> that would actually allow that to happen. Obviously that was not the
intent
> of the software, but it was a uncontrollable by product. Anyone out there
> know what I am talking about??
>
> Patrick Bowen
>
> -----Original Message-----
> From: David Moag [mailto:moag@ix.netcom.com]
> Sent: Thursday, May 04, 2000 9:52 PM
> To: Dana Scott; spitfires@autox.team.net
> Cc: triumphs@autox.team.net
> Subject: RE: Virus warning - EXTREMELY DANGEROUS VIRUS
>
>
>
> Dana,
>
> As far as I know, NO VIRUS has ever been able to be activated by just
being
> in the main body of an email, and hence preview panes or even opening the
> main email is not the problem. They are all activated when the attachment
is
> opened (that's the only time they can actually be executed on your
computer,
> which is necessary in order for their code to be run).
>
> I received on of these last night from an unknown name and deleted it
> without opening the attachment (I basically assumed it was going to be
some
> porn site add). I received another one this morning from an extremely
pretty
> girl I know -- I certainly WOULD have opened that one if I had not heard
all
> the warnings. By coincidence (or dumb luck) I also backed up my whole
> computer for the first time in ages when I got up this morning.
>
> Dave Moag
> 62 TR3B
> 77 Spitfire
> La Canada, CA
>
> > -----Original Message-----
> > From: owner-triumphs@autox.team.net
> > [mailto:owner-triumphs@autox.team.net]On Behalf Of Dana Scott
> > Sent: Thursday, May 04, 2000 6:40 PM
> > To: Jeff McNeal; Gascoigne, Andy; 'Richard Bonilla / Colorado'; Barry
> > Schwartz; spitfires@autox.team.net
> > Cc: triumphs@autox.team.net
> > Subject: RE: Virus warning - EXTREMELY DANGEROUS VIRUS
> >
> >
> >
> > Remember all that this virus doesn't have to come from someone you don't
> > know as it works its way through your email address book. So, if
someone
> > you know opened it, and in this case it was the attachment that had the
> > virus so they'd have to open it too, the virus would then send itself
out
> > from them. You, recognizing the senders name might open it and then the
> > attachment and bingo! You've got it and it starts sending emails
> > to all in
> > YOUR address book, and so-on.
> >
> > It was almost humorous watching all the emails come in today with the "I
> > Love You" subject. Depending on your email server and how your
> > address book
> > was set up, you could send multiple copies to your friends. I
> > received 6-7
> > from one source. Of course, I deleted them all before opening them.
> >
> > This then is also a good reason to NOT use the preview pane in your
email
> > program. I you did, it would open it. This time, no damage
> > done. But next
> > time, it could be in the body of the main message. Bummer. You're done
> > for.
> >
> > So, BE AWARE!
> >
> > Dana
> > CF9690UO
> > Former Network Administrator (nope, not because of something like
> > this) <g>
>
>
> -------------------------------------------------------------------------
> This email server is running an evaluation copy of the MailShield anti-
> spam software. Please contact your email administrator if you have any
> questions about this message. MailShield product info: www.mailshield.com
>
|