I searched the registry on the exchange box earlier and found the
"readme.eml" and "root.exe" under HK_users, Doc Find Spec MRU. I cannot find
the file anywhere on the machine and everything appears to be working fine.
I did not have the ScanMail patch until about an hour or so ago. I am
blocking exe's now but I wasn't earlier today.
Should I just delete these values in the registry?
TIA
Gordon
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 18, 2001 1:57 PM
To: Exchange Discussions
Subject: RE: New Virus / Worm ??
It exploits the very dangerous iFrame vulnerability detailed at
http://www.microsoft.com/technet/security/bulletin/ms01-020.asp. The one
thing that article doesn't tell you is that the IE patch it describes does
not block the ability of Office documents in an iFrame to launch
automatically. What that means is that if you don't have Office macro
security set high enough, the next attack could use a Word .doc macro to
deliver its payload.
> I just received an e-mail with this virus/worm. It appears to be not very
> nice. I use the preview pane in Outlook and it automatically attempted to
> launch the attachment. For once, I'm glad I had the new security features
> in Outlook SR-1 that does not allow launching an .exe w/out saving it to the
> hard drive first.
>
> The virus had a subject with 255 characters in it. Methinks there was/is an
> exploit for subject lines that long.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]