Hi ztrader,
On Tue, 1 May 2001 18:38:26 -0700GMT (02/05/01, 09:38 +0800GMT),
ztrader wrote:
BM>> Ritlabs should have notified its clients and had a reg edit
BM>> executable on its site for download.
Notify the clients of what? I will reply to this despite Marck's Dead
Horse (which I deliberately understand as being valid only for that
arm of the thread, which had nothing to do with Strator any more, in
order for myself to cleverly avoid the trout), as nobody has made the
point yet.
1.) Unlike in OL/OE, in TB you can see the actual extension of an
attachment. Nobody is even for a second fooled into believing that the
file with the double attachment .jpg.pif is a jpg file.
2.) If you see that it has a double extention, and that the real
extension is .pif and you click on it anyway, maybe by accident, TB
will alert you with a warning dialog: "This file has a double
extention. The real extension is .pif. Do you want to proceed?" If you
hit Yes, it's no accident any more.
3.) Since v1.47, the extension .pif has been added to the reg key
ProtectDisableOpen by default. Therefore, there is no registry hack or
whatever necessary to disable opening attachments with this extension,
it is there already. You need to hack the reg in order to be able to
open this attachment at all! You need to have sufficient computer
knowledge to make this worm become active - and if you have that
knowledge, why in Pete's name would you open an unsolicited .pif file?
It takes a creative mind and some knowledge about TB's registry
settings to even be able to run this attachment at all. Therefore,
RitLabs had nothing to report to their clients apart from "don't hack
the registry, and read the warning messages. Lame attack attempts like
this have been anticipated for eons."
This worm is a non-issue.
--
Cheers,
Thomas.
Moderator der deutschen The Bat! Beginner Liste. Anmeldung unter:
[EMAIL PROTECTED]
Message reply created with The Bat! 1.51
under Chinese Windows 98 4.10 Build 1998
on a Pentium II/350 MHz.
--
______________________________________________________
Archives : <http://tbudl.thebat.dutaint.com>
Moderators : <mailto:[EMAIL PROTECTED]>
TBTech List: <mailto:[EMAIL PROTECTED]>
Unsubscribe: <mailto:[EMAIL PROTECTED]>
You are subscribed as : [email protected]
