RE: attachments+virus
I got this announcement from Symantec this morning concerning .ceo and .pif's.
http://www.sarc.com/avcenter/venc/data/w32.hllw.winevar.html

Peter Seitz
Cubic Corporation
Systems Analyst
San Diego, Ca. 92123
(858) 505-2724

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]
RE: attachments+virus
according to the Symantec write up the .CEO gets registered as an executable file format.
now by my limited understanding to do this you would first have to have something that could do this...i.e. I would figure the .PIF in the e-mail.
SO I guess that the .PIF reg's the .CEO and the .HTM is maybe the cool looking interface for it all?

So if you remove the .PIF how would the .CEO get reg'd as an executable...

my pre AV smtp stopped it before it got in... so above is my theory

bill

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?
RE: attachments+virus
BTW, Trend has had this covered since DAT 390

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:21 AM
To: Exchange Discussions
Subject: RE: attachments+virus

I got this announcement from Symantec this morning concerning .ceo and .pif's.
http://www.sarc.com/avcenter/venc/data/w32.hllw.winevar.html

Peter Seitz
Cubic Corporation
Systems Analyst
San Diego, Ca. 92123
(858) 505-2724

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?
RE: attachments+virus
That's a file that doesn't have a clue about how the system operates but wants to open everything and just gets larger and larger over time without any discernible output while taking up a huge amount of resources.

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: 26 November 2002 16:18
To: Exchange Discussions
Subject: RE: attachments+virus

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?
Re: attachments+virus
I checked for it at http://filext.com/c.htm, but it isn't listed.

On Tuesday 26 November 2002 17:17, you wrote:

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?
RE: attachments+virus
Yeah? So how does it get associated/executed?

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Posted At: Tuesday, November 26, 2002 10:21 AM
Posted To: MSExchange Mailing List
Conversation: attachments+virus
Subject: RE: attachments+virus

I got this announcement from Symantec this morning concerning .ceo and .pif's.
http://www.sarc.com/avcenter/venc/data/w32.hllw.winevar.html

Peter Seitz
Cubic Corporation
Systems Analyst
San Diego, Ca. 92123
(858) 505-2724

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?
RE: attachments+virus
RTFA!! ;)

The .HTM exploits the Microsoft VM ActiveX Component vulnerability [MS00-075] to register the .ceo extension as an executable file.

The email message is formed to take advantage of the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability [MS01-020], but due to a bug in the code, the attachment will not run automatically.

-----Original Message-----
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 12:13 PM
To: Exchange Discussions
Subject: RE: attachments+virus

Yeah? So how does it get associated/executed?

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Posted At: Tuesday, November 26, 2002 10:21 AM
Posted To: MSExchange Mailing List
Conversation: attachments+virus
Subject: RE: attachments+virus

I got this announcement from Symantec this morning concerning .ceo and .pif's.
http://www.sarc.com/avcenter/venc/data/w32.hllw.winevar.html

Peter Seitz
Cubic Corporation
Systems Analyst
San Diego, Ca. 92123
(858) 505-2724

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?
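The extension blocking asked about in this thread, combined with a check for the declared-type versus file-name mismatch that the MS01-020 title in the post above refers to, as an added example that is not from any poster or from Exchange or an AV product. The blocklist (only the extensions named in the thread), the media-type prefixes, the function names and both sample messages are assumptions constructed for illustration.

```python
"""Added example: screen a MIME message for the attachment cases in this thread."""
import os
from email import message_from_string

# Assumption: the blocklist holds only the extensions named in the thread.
BLOCKED_EXTENSIONS = {".pif", ".ceo", ".exe"}
# Assumption: media types a mail client may try to play or render inline.
INLINE_MEDIA_PREFIXES = ("audio/", "image/", "video/")

# Constructed sample messages (not captured traffic; file names are placeholders).
SAMPLE_SUSPECT = """\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; name="SAMPLE0.htm"
Content-Disposition: attachment; filename="SAMPLE0.htm"

<html></html>
--b1
Content-Type: audio/x-wav; name="SAMPLE1.txt.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="SAMPLE1.txt.pif"

AAAA
--b1
Content-Type: application/octet-stream; name="SAMPLE2.CEO."
Content-Disposition: attachment; filename="SAMPLE2.CEO."

AAAA
--b1--
"""

SAMPLE_CLEAN = """\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

hello
--b2
Content-Type: application/pdf; name="notes.pdf"
Content-Disposition: attachment; filename="notes.pdf"

AAAA
--b2--
"""


def final_extension(filename):
    """Return the extension Windows would act on, lower-cased."""
    # Windows ignores trailing dots and spaces, so "a.pif. " is still a .pif,
    # and only the last extension of "a.txt.pif" decides how it is opened.
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]


def scan_message(raw):
    """Return a list of (filename, reason) findings for one raw message."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition and falls back to the
        # name= parameter of Content-Type.
        filename = part.get_filename()
        if not filename:
            continue
        if final_extension(filename) not in BLOCKED_EXTENSIONS:
            continue
        findings.append((filename, "blocked-extension"))
        # A blocked extension labelled as audio/image/video is a header that
        # contradicts the file name, worth reporting separately.
        if part.get_content_type().startswith(INLINE_MEDIA_PREFIXES):
            findings.append((filename, "media-type-mismatch"))
    return findings


def verdict(raw):
    """Decide per message: one finding holds the whole message."""
    return "quarantine" if scan_message(raw) else "deliver"


if __name__ == "__main__":
    for label, raw in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(label, verdict(raw), scan_message(raw))
```

The verdict is taken per message rather than per part, so a message is held as soon as any one attachment matches.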
RE: attachments+virus
Bite me. If the vulnerability starts with MS00 or MS01, anyone who catches it at this point deserves it.

-----Original Message-----
From: Erik Sojka [mailto:[EMAIL PROTECTED]]
Posted At: Tuesday, November 26, 2002 11:50 AM
Posted To: MSExchange Mailing List
Conversation: attachments+virus
Subject: RE: attachments+virus

RTFA!! ;)

The .HTM exploits the Microsoft VM ActiveX Component vulnerability [MS00-075] to register the .ceo extension as an executable file.

The email message is formed to take advantage of the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability [MS01-020], but due to a bug in the code, the attachment will not run automatically.

-----Original Message-----
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 12:13 PM
To: Exchange Discussions
Subject: RE: attachments+virus

Yeah? So how does it get associated/executed?

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Posted At: Tuesday, November 26, 2002 10:21 AM
Posted To: MSExchange Mailing List
Conversation: attachments+virus
Subject: RE: attachments+virus

I got this announcement from Symantec this morning concerning .ceo and .pif's.
http://www.sarc.com/avcenter/venc/data/w32.hllw.winevar.html

Peter Seitz
Cubic Corporation
Systems Analyst
San Diego, Ca. 92123
(858) 505-2724

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?
RE: attachments+virus
Yep yep.

-----Original Message-----
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 12:58 PM
To: Exchange Discussions
Subject: RE: attachments+virus

Bite me. If the vulnerability starts with MS00 or MS01, anyone who catches it at this point deserves it.

-----Original Message-----
From: Erik Sojka [mailto:[EMAIL PROTECTED]]
Posted At: Tuesday, November 26, 2002 11:50 AM
Posted To: MSExchange Mailing List
Conversation: attachments+virus
Subject: RE: attachments+virus

RTFA!! ;)

The .HTM exploits the Microsoft VM ActiveX Component vulnerability [MS00-075] to register the .ceo extension as an executable file.

The email message is formed to take advantage of the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability [MS01-020], but due to a bug in the code, the attachment will not run automatically.

-----Original Message-----
From: Tom Meunier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 12:13 PM
To: Exchange Discussions
Subject: RE: attachments+virus

Yeah? So how does it get associated/executed?

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Posted At: Tuesday, November 26, 2002 10:21 AM
Posted To: MSExchange Mailing List
Conversation: attachments+virus
Subject: RE: attachments+virus

I got this announcement from Symantec this morning concerning .ceo and .pif's.
http://www.sarc.com/avcenter/venc/data/w32.hllw.winevar.html

Peter Seitz
Cubic Corporation
Systems Analyst
San Diego, Ca. 92123
(858) 505-2724

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

What the heck is a .CEO file anyhow?

-----Original Message-----
From: Mellott, Bill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:18 AM
To: Exchange Discussions
Subject: RE: attachments+virus

EXE is on Martin's list of Danger
Mpeg is often your/company call (I block it)

with regard to the new virus, after looking at the description..
since one of the files is a PIF (which is on Martin's list or other good things to block)
IF the PIF gets blocked..what effect would the .CEO or the .HTM have since the .CEO has no way to register itself without the PIF being there to run?

just curious
bill

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 11:13 AM
To: Exchange Discussions
Subject: RE: attachments

So you do not block mpeg and exe?

K/

-----Original Message-----
From: Seitz, Peter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 17:10
To: Exchange Discussions
Subject: RE: attachments

Don't forget to add .ceo also.

-----Original Message-----
From: Kim Schotanus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 8:09 AM
To: Exchange Discussions
Subject: attachments

Hi,

Where can I find a list of the most attachments to block?