April 18th, 2003, 01:33 AM
E-mail viruses w/o file attachments, do they exist?
It's common knowledge that most viruses are spread via files or macros. However, something that I find popping up from time to time is the statement that you can get a virus by just simply reading an e-mail (i.e. a web interface such as Yahoo or Hotmail, or in Outlook / Outlook Express which support HTML formatted e-mails). The theory is that in the HTML e-mail, there can exist some malicious script code.
Anyone care to elaborate on this as to it being a myth or truth?
April 18th, 2003, 02:05 AM
Oh.. it's true. I had it happen to a friend. They had outlook with that autoview enabled. And bloody well shut down the system. Basically, everytime the email opened, the AV software went bananas and she couldn't do anything -- not even delete the email. (she's not technically adept). I turned off the autoview option and then deleted the emails. I think changed it so she wouldn't see HTML emails.
April 18th, 2003, 02:24 AM
Because Outlook can view HTML emails with active scripting it is possible to get a virus simply by opening the email if you are not properly patched.
It was also possible as MsMittens pointed out for a virus to execute simply from being viewed in the Preview Pane.
The vulnerabilities exploited in both cases were really part of Internet Explorer, but because Outlook uses IE to render HTML it would execute the malicious code. This is from CERT
Outlook 2000 SR-1 fixed that issue for Outlook 2000:
At a minimum, disable Active scripting in the Internet zone and the zone used by Outlook, Outlook Express, or any other email client that uses Internet Explorer or the WebBrowser control to render HTML CERT bulletin
It is prudent to stay current with patching. It is at least as important for stopping viruses as keeping your antivirus software up to date. Viruses and worms tend to exploit known vulnerabilities. If users kept their systems patched the viruses and worms would have little to no effect.
Heightened Outlook default security settings increase the default Internet security zone setting within Outlook from "internet" to "restricted sites." In addition, active scripting within restricted sites is disabled by default. These security features help protect users from viruses that are spread by means of scripting. Outlook 2000 SR-1
May 7th, 2003, 01:12 PM
Take control of your system patches
Start from this link...RTFM first and then go to download.....
That was all folks!
May 7th, 2003, 01:46 PM
if the scripting can hold the virus how would a firewall/antiviris detect it and eliminate it?
May 7th, 2003, 01:56 PM
Propably from the pattern of the script file...but I am not so sure....
That was all folks!