View Full Version : email/browser vulnerability



harbormaster
05-11-2000, 08:19 AM
Something you need to know about:

Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT.
Personal computers running Internet Explorer (IE) version 5.0 and/or Microsoft Office 2000 are vulnerable to virus attacks using most email systems, even if the email recipient opens no attachments. You don't even have to use IE; just have it installed with the default security settings. If you have not closed the hole, you can receive viruses (and spread them) by viewing or previewing malicious email without opening any attachment, or by visiting a malicious web site. The problem is caused by a programming bug in an Internet Explorer ActiveX control called scriptlet.typelib. This is by far the fastest growing virus distribution problem and ripe for a hugely destructive event - at least as large as the ILOVEYOU virus. Updating your virus detection software, while important, is not an effective solution for this problem. You must also close the hole. The hole can be closed in five minutes or less using tools available at Microsoft's security site:
http://www.microsoft.com/security/bulletins/ms99-032.asp
The correction script may be run directly from:
http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm

Scot
The Harbormaster

seano
05-11-2000, 11:02 AM
Scot,

Thanks for the info---being a trading floor WindowsNT technician for "a top Wall St" investment bank, I can tell you that this ILOVEYOU virus has caused a lot of problems---our internal email was down for 3 days and all external email sites were blocked by our proxy server.

Part of what the ILOVEYOU virus did was try and connect users to sites where malicious files existed (usually hidden) and continue to spread more viruses.

What you mention is also one of the latest disputes between Microsoft and Netscape---because they are blaming each other for this hole. I have actually resisted the temptation to upgrade my browser on my laptop to 5.0, and would recommend doing the same to the rest of you unless you plan on applying the patch Scot mentioned. The other problem with the Virus detection software is that you will usually get the virus before the Co. is even aware of it---never mind have a patch for it----Symantec (Norton Antivirus) did not have a "good patch" for ILOVEYOU until 5/8---the virus was introduced 5/4!

Anyway, sorry to stay off topic so long, but thanks again Scot---for looking out for your fellow enthusiasts.

Francis O. Saffell
05-11-2000, 03:12 PM
Scot, I just took a look at my cookie file on Netscape. Real nice password encryption for UB.
I particularly like the way it organizes in clear text Username and Password. Ha Ha.

PaulO
05-11-2000, 04:05 PM
Seano,
What Wall St. Firm? I myself did my time a few years ago for D.L.J. Still got some buddies there. I have completed my sentence.
PaulO

harbormaster
05-11-2000, 09:45 PM
Francis O,

Did anyone ever tell you that Francis is a girls name?

http://206.150.187.82/ubb/tongue.gif

Francis O. Saffell
05-11-2000, 11:49 PM
If anyone is wondering what a netscape cookie file looks like, here is an example taken straight
from my system.

# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file! Do not edit.
www.iboats.com FALSE /cgi-bin/ubb FALSE 989136181 lastLogin 2451670.2001
www.iboats.com FALSE /cgi-bin/ubb FALSE 989136181 LastLoginDT 05-05-2000%2008%3A01%20PM
ctc.clickheretoenter.com FALSE /cgi-bin/ctc FALSE 1577836875 clickher76514892 USED
206.150.187.82 FALSE /cgi-bin FALSE 989611277 lastLogin 2451676.1504
206.150.187.82 FALSE /cgi-bin FALSE 989611277 LastLoginDT 05-11-2000%2003%3A04%20PM
206.150.187.82 FALSE /cgi-bin FALSE 986625546 DaysPrune 1000
206.150.187.82 FALSE /cgi-bin FALSE 986625546 NameStorage yes
206.150.187.82 FALSE /cgi-bin FALSE 989611857 UserName Francis%20O.%20Saffell
206.150.187.82 FALSE /cgi-bin FALSE 989611857 Password 1diotic
.cars.com TRUE /carsapp FALSE 1902485856 UniqueCount ID%253D1ce7a92%253Ade9fe09ed4%253A-80001ce7a92%253Adeaa6ca156%253A1c90
forums.appleinsider.com FALSE /cgi-bin FALSE 988095393 lastLogin 2451659.0256
forums.appleinsider.com FALSE /cgi-bin FALSE 988095393 LastLoginDT 04-24-2000%2002%3A56%20AM
www.donzi.net FALSE /cgi-bin FALSE 989215799 lastLogin 2451672.0113
www.donzi.net FALSE /cgi-bin FALSE 989215799 LastLoginDT 05-07-2000%2001%3A13%20AM
www.enowshowing.com:80 FALSE /store FALSE 988347868 enowshowing ZIPCODE=97402
www.payback.com FALSE /cgi-bin FALSE 983452994 srenilyabsevoltocs&
.cc-dt.com TRUE /link FALSE 960785438 cc_click59 36332%00955601442%00121255%00
.netscape.com TRUE / FALSE 1293839935 UIDC 208.13.34.138:0955080369:946513
www.usboating.com FALSE / FALSE 989612269 Date 5%2F11%2F00+4%3A15%3A48+PM
.yachtingnet.com TRUE / FALSE 1293839993 RMID d00d224b38ed9d70

It wouldn't take much for a virus to find this file and send it to an address.
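
The layout of the file quoted in the post above, turned into a small audit of one's own cookie file, as an added example that is not part of the original thread: it parses the seven tab-separated fields of a Netscape cookie file and flags entries that, like the UserName and Password cookies shown, keep a credential in readable form. The sample data, the hint list and the function names are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample in the 7-field Netscape cookie layout (tab-separated):
# domain, subdomain flag, path, secure flag, expiry (epoch), name, value.
SAMPLE = "\n".join([
    "# Netscape HTTP Cookie File",
    "forum.example\tFALSE\t/cgi-bin\tFALSE\t989611857\tUserName\tJane%20Doe",
    "forum.example\tFALSE\t/cgi-bin\tFALSE\t989611857\tPassword\thunter2",
    "forum.example\tFALSE\t/cgi-bin\tFALSE\t989611277\tlastLogin\t2451676.1504",
    ".shop.example\tTRUE\t/\tTRUE\t1293839993\tRMID\td00d224b38ed9d70",
    "broken line without enough fields",
])

# Hypothetical name fragments that suggest a stored credential (an assumption).
CREDENTIAL_HINTS = ("password", "passwd", "pwd", "user", "token", "auth")

def parse_cookie_file(text):
    """Return (cookies, skipped): parsed rows and line numbers that did not parse."""
    cookies, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and the generated-file header comments
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            skipped.append(lineno)  # report malformed rows instead of guessing
            continue
        domain, _subdomains, path, secure, expiry, name, value = fields
        cookies.append({
            "domain": domain, "path": path, "secure": secure == "TRUE",
            "expiry": int(expiry), "name": name, "value": unquote(value),
        })
    return cookies, skipped

def audit(cookies):
    """Flag cookies whose name suggests a credential kept in readable form."""
    findings = []
    for c in cookies:
        if any(h in c["name"].lower() for h in CREDENTIAL_HINTS):
            issue = "credential-like value readable on disk"
            if not c["secure"]:
                issue += "; also sent over plain HTTP (secure flag FALSE)"
            findings.append((c["domain"], c["name"], issue))  # value is not echoed
    return findings

if __name__ == "__main__":
    parsed, bad = parse_cookie_file(SAMPLE)
    for domain, name, issue in audit(parsed):
        print(f"{domain}: {name}: {issue}")
    print("unparsed lines:", bad)
```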

seano
05-12-2000, 06:26 AM
Paul,

Send me an email--- seano30@yahoo.com I'll tell you who I work for...I'd like to keep my job and not post the name. BTW, it's not DLJ.

BERTRAM BOY
05-12-2000, 07:00 AM
Owen,
Did I mention, You have waayyyyy too much free time on your hands !!!!
BERTRAM BOY