On Mon, 6 Nov 2000, Paul Allen wrote:
> Erwann ABALEA wrote:
> >
> > [...]
> >
> > I thought that using Pine solved the problem of viruses... I was
> > wrong... Even the simple 'mailx' can be exploited... and I don't have any
> > multimedia extension to Pine... ;-)
>
> I know this is drifting off-topic, but I'm curious.
>
> Our corporate gateway apparently filtered this virus, since there's
> no trace of it in my inbox other than converstion about it. What
> vulnerability did it exploit? If you care to reply, perhaps edit
> the To: line to point to me instead of the list.
I deleted them along with a bunch from one of my customers. As a result
my memory might be faulty. I recall seeing variants of the following
W97M (Melissa)
VBS_LoveLetter
VBS_Columbia
All make use of the Microsoft Visual Basic Scripting engine present in
WindowsNT, Windows95, Windows98, and Windows2000. They modify the Windows
Registry to enable the scripting engine if it is not already enable and
create a process to be run each time the system is rebooted. They insert
or replace files in the system directory. They propagate using either a
Personal Address Book (PAB), the Global Address List (GAL), or both.
Depending upon which one is involved the damage is deletion of executable
images or replacement with a copy of the virus/worm. Deletion of all GIF,
JPG, BMP, etc. graphic images and creation of some "image" files that are
nothing more than the virus/worm payload. Usually there is also an
insertion of a contaminated HTML object in your browser history and
favorites lists.
Although they take advantage of "features" in Microsoft's Outlook and
Outlook Express, they make use of security holes and backdoors left in
Windows for Microsoft's Office Suite. So as was pointed out above you are
not that much more resistant to infection if you use a third party MUA,
particularly, if you "integrate" it into your Windows environment.
The only way to avoid the problem is to use Linux, MacOS, Unix, VMS, etc.
system to read and exchange mail.
Merton Campbell Crockett
General Dynamics Electronic Systems
Intelligence Systems
Network & IT Engineering
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
