[plug] [OT][link] Outlook set to crash and burn *again*
Leon Brooks
leon at brooks.fdns.net
Sun Feb 2 08:28:54 WST 2003
http://www.theregister.co.uk/content/56/29137.html
The exploit relies on especially crafted email headers, creating
an attachment with three file-extensions. Standard email packages
will not generate these headers; these emails must either be
created by hand, or using hacker tools (many of which are freely
available, MessageLabs warns).
The first extension (e.g. .jpg) is visible to the email user, and
is intended to persuade them that the attachment is "safe". The
final extension (also, for example, .jpg) is used by Microsoft
Outlook to set the icon to represent the application for opening
the attachment.
However, the unusual middle extension (.EXE) is used by Outlook
to determine how to launch the attachment, therefore an .EXE file
will be executed if a user double clicks on an infected attachment.
Other examples may include .COM, .PIF, .SCR, or .VBS.
In short, don't open email from an unknown source, especially if it is large.
Linux users, of course, have genuine MIME handling and no reason to fear, even
if you have WINE installed. (-:
Cheers; Leon
More information about the plug
mailing list