D
Daeron
Vicious Worm Infects Without Attachment
James Maguire Mar 19 2004
[..]
A handful of Bagle worm variants are attacking Windows users with an
insidious new twist: They can infect computers without tricking them
into opening a file attachment -- opening an e-mail is all it takes.
[..]
Bagle exploits a flaw in Outlook, revealed in October of 2003, that
allows a hacker to upload and execute a file on a user's PC without
that user opening the file. Microsoft has issued a patch for the flaw
in October, but users who have not updated their systems with this
patch are at risk.
[..]
... Experts speculate that the virus writers developed this
non-attachment technique to bypass a common firewall technique called
"gateway scanning," which intercepts any e-mail with an attachment.
When a user open an e-mail carrying one of these new Bagle variants,
the e-mail "goes back out to the Internet and tries to find a certain
server that has the Bagle executable on it and bring it down through
HTTP," Belthoff said.
[..]
"That shouldn't be allowed to happen," Belthoff said. "Opening an
e-mail doesn't give some remote machine the authority to drop down a
VBS script onto your system. The vulnerability allows that to happen."
[..]
Like earlier versions of Bagle, the new variations disable many
firewall and antivirus applications, a technique that has become
common among virus writers. They also spread like the original Bagle,
by resending themselves to all addresses found on a user's hard drive,
disguising the return address of the e-mail to conceal the identity of
the infected machine ...
http://www.newsfactor.com/story.xht...orm_Infects_Without_Attachment&story_id=23458
-
Flea bugs Windows users
John Leyden Oct 24 2003
A new virus called Flea is on the loose. The Visual Basic Script worm
disguises itself as the ‘signature file' in HTML-formatted mail.
Flea can execute automatically when users open HTML formatted emails
in Microsoft Outlook or Outlook Express. Unlike most Windows nasties,
the bug does not depend on a user opening an infectious file to do its
mischief, Finnish AV vendor F-Secure warns ...
http://www.theregister.co.uk/content/56/33569.html
James Maguire Mar 19 2004
[..]
A handful of Bagle worm variants are attacking Windows users with an
insidious new twist: They can infect computers without tricking them
into opening a file attachment -- opening an e-mail is all it takes.
[..]
Bagle exploits a flaw in Outlook, revealed in October of 2003, that
allows a hacker to upload and execute a file on a user's PC without
that user opening the file. Microsoft has issued a patch for the flaw
in October, but users who have not updated their systems with this
patch are at risk.
[..]
... Experts speculate that the virus writers developed this
non-attachment technique to bypass a common firewall technique called
"gateway scanning," which intercepts any e-mail with an attachment.
When a user open an e-mail carrying one of these new Bagle variants,
the e-mail "goes back out to the Internet and tries to find a certain
server that has the Bagle executable on it and bring it down through
HTTP," Belthoff said.
[..]
"That shouldn't be allowed to happen," Belthoff said. "Opening an
e-mail doesn't give some remote machine the authority to drop down a
VBS script onto your system. The vulnerability allows that to happen."
[..]
Like earlier versions of Bagle, the new variations disable many
firewall and antivirus applications, a technique that has become
common among virus writers. They also spread like the original Bagle,
by resending themselves to all addresses found on a user's hard drive,
disguising the return address of the e-mail to conceal the identity of
the infected machine ...
http://www.newsfactor.com/story.xht...orm_Infects_Without_Attachment&story_id=23458
-
Flea bugs Windows users
John Leyden Oct 24 2003
A new virus called Flea is on the loose. The Visual Basic Script worm
disguises itself as the ‘signature file' in HTML-formatted mail.
Flea can execute automatically when users open HTML formatted emails
in Microsoft Outlook or Outlook Express. Unlike most Windows nasties,
the bug does not depend on a user opening an infectious file to do its
mischief, Finnish AV vendor F-Secure warns ...
http://www.theregister.co.uk/content/56/33569.html