[plug] [OT][link] Outlook set to crash and burn *again*

Leon Brooks leon at brooks.fdns.net
Sun Feb 2 08:28:54 WST 2003


    http://www.theregister.co.uk/content/56/29137.html

    The exploit relies on especially crafted email headers, creating
    an attachment with three file-extensions. Standard email packages
    will not generate these headers; these emails must either be
    created by hand, or using hacker tools (many of which are freely
    available, MessageLabs warns). 

    The first extension (e.g. .jpg) is visible to the email user, and
    is intended to persuade them that the attachment is "safe". The
    final extension (also, for example, .jpg) is used by Microsoft
    Outlook to set the icon to represent the application for opening
    the attachment. 

    However, the unusual middle extension (.EXE) is used by Outlook
    to determine how to launch the attachment, therefore an .EXE file
    will be executed if a user double clicks on an infected attachment.
    Other examples may include .COM, .PIF, .SCR, or .VBS. 

In short, don't open email from an unknown source, especially if it is large.

Linux users, of course, have genuine MIME handling and no reason to fear, even 
if you have WINE installed. (-:

Cheers; Leon



More information about the plug mailing list