[thelist] Virus Alert [OT]
Maryanna Nesina
mar at MN1052.srv.pu.ru
Mon Apr 22 15:49:00 CDT 2002
The trick is not in jpg, but in iframe - code security hole in IE
Here is the code that starts virus. (I'd changed < > to [ ] )
[HTML][HEAD>[/HEAD][BODY]
[iframe src=3Dcid:H5O4gojV height=3D0 width=3D0]
[/iframe]
[FONT][/FONT][/BODY][/HTML]
And here is the begining of virus part that follows this code:
--Ow7204AZ7aR2DOc
Content-Type: audio/x-midi;
name=decide_c[1].exe
Content-ID: <H5O4gojV>
Content-Transfer-Encoding: base64
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
So you see, it is .exe or .com (hiding as name="news_doc.DOC.scr" or
something.jpg.com etc)
As for virus checker it's better to have it :))
Or (or and ;) don't use outlook/outlook express
And take pach for to close that from code security hole in IE from
www.microsoft.com (it will help you at any rate with IE)
> > when you read which kind of attachments it produces - graphic ones are
> > possible too.
>
> This has really alarmed me - this virus can attach/embed itself within
> image files??
>
> Or is it only that it may pick an image file to send itself along with,
> but the virus itself is still an executable of some sort and will also
> be attached to the mail?
>
> I don't currently have a virus checker - should I be being wary of
> opening jpeg's too now?
Best regards,
Maryanna Nesina
mar at mail.bio.pu.ru
http://www.bio.pu.ru/~mar/
More information about the thelist
mailing list