URL quoted in email points to message.scr which contains worm

D

Dave

Can't find this on Google groups so...

OS XP pro, email client Mozilla Thunderbird

I recently got an email with subject "mail delivery failure". Must have
sent itself from someone with my email address in their address book. It
said:

****
If the message will not displayed automatically,
follow the link to read the delivered message.

Received message is available at:
www.ntlworld.com/inbox/*my user name*/read.php?sessionid-15898
***

The link actually points to

mailbox:///C|/DOCUMENTS and SETTINGS/*my profile*/APPLICATION
DATA/Thunderbird/Profiles/default/3z8exoag.slt/Mail/62.253.162-1.56/Inbox?number=93538081&part=1.2&filename=message.scr

If I save the target and scan it, message.scr of course contains a worm:
W32.Netsky.p

Two questions

1 How can you make a link point to a location (in this case on my own
PC) other than the one it purports to be pointing to
2. The email has no attachment, so where, physically is the file
message.scr? and how is the above URL pointing at it?

I'm not worried, just curious
 
F

FromTheRafters

Dave said:
Can't find this on Google groups so...

OS XP pro, email client Mozilla Thunderbird

I recently got an email with subject "mail delivery failure". Must have
sent itself from someone with my email address in their address book. It
said:

****
If the message will not displayed automatically,
follow the link to read the delivered message.

Received message is available at:
www.ntlworld.com/inbox/*my user name*/read.php?sessionid-15898
***

The link actually points to

mailbox:///C|/DOCUMENTS and SETTINGS/*my profile*/APPLICATION
DATA/Thunderbird/Profiles/default/3z8exoag.slt/Mail/62.253.162-1.56/Inbox?number=93538081&part=1.2&filename=message.scr

If I save the target and scan it, message.scr of course contains a worm:
W32.Netsky.p

Two questions

1 How can you make a link point to a location (in this case on my own
PC) other than the one it purports to be pointing to
Click to expand...

By supplying the text that you want to display in the container e.g.

<a href="http://search.yahoo.com">Search Home</a>

The link to "search.yahoo.com" will display as "Search Home".
2. The email has no attachment, so where, physically is the file
message.scr? and how is the above URL pointing at it?
Click to expand...

If it is there as a content type other than "attachment" such as "inline".
 
D

Dave

FromTheRafters said:
By supplying the text that you want to display in the container e.g.

<a href="http://search.yahoo.com">Search Home</a>

The link to "search.yahoo.com" will display as "Search Home".




If it is there as a content type other than "attachment" such as "inline".
Click to expand...
Thx. That all makes sense
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

link to specific sheet in excel file which contains points and spaces 1
[SWEN tiny FAQ] How to filter Swen mails with M$OE 6 20
email sent from MS Word is sent to inbox of creator 1
[SWEN tiny FAQ] How to filter out Swen emails with M$ Outlook Express 19
Outlook Add-In to add a CC address to outgoing email 2
Add an option to display email address in message lists... 2
Outlook Rule - specify email address in Recipient (To, CC, or BCC 3
Is Yahoo doing all it can to prevent the spread of viruses? 42

Top