Interesting...
Hopefully I've read slashdot before this mail, so I was aware of this one.
For those interested, it's a very nice information about the Microsoft
security: (Warren, please read the end of this mail)
*This virus doesn't even need to hide it's subject because under Outlook you
don't even need to open the joined file for the virus to run, just open the
mail.
*If you moved the mail file to any folder of your system, if you're using
explorer with "view web content" activated, the thing will run by just
passing the mouse over the mail file.
* the html part of the mail is made by invalid html, but the ie core still
wants to render it
* the attached file type(.exe) is not coherent with the mime type
(audio-wav), but this is not checked by outlook
* the attached executable is automatically run by outlook, without even
needing a user confirmation.
So this one is using several "key" security lacks from Microsoft. Personally
I've been saved only because Visual Studio fired and debugged the process.
We'll probably be target by this mail several times again during the
following week. It would be nice if our ML administrator could filter this
virus based on the subject as an example.
Bye,
--
Gabriel Bouvigne - France
[EMAIL PROTECTED]
mobile phone: [EMAIL PROTECTED]
icq: 12138873
MP3' Tech: www.mp3-tech.org
personal page: http://gabriel.mp3-tech.org
--
MP3 ENCODER mailing list archive is at:
http://www.mail-archive.com/mp3encoder%40minnie.cs.adfa.edu.au/
