March 30th, 2004, 04:19 PM
New way to foul users in opening attachement. (Good Read)
One of my users got a weird email today.
When I look the html code, I see stuff that is very scary. First, the email is opening a iframe like this one.
From: [email]firstname.lastname@example.org[/email] [mailto:email@example.com]
Sent: March 29, 2004 9:18 AM
Subject: Mail Delivery (failure [email]SDK@Antionline.com[/email])
If the message will not displayed automatically,
follow the link to read the delivered message.
Received message is available at:
And then, the specific text http://www.antionline.com/inbox/cris...essionid-26405 is a hyperlink to cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re
<iframe src="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re" width=0 height=0>
After reading that CID was (See here for that info - M$ Knowledbe Base 270922), I open the link and the attachments in the email OPEN without prompt if I want to open the attachment or not. It just. (Lucky for me, it was only a txt warning from my mailserver). The link was created http://www.%DomaineName%/inbox/%User...essionid-26405
Basically, this virus was using an iframe to open himself automatically and if this failed, you still have the hyperlink to fool user in opening attachment without warning.
Is this consider a security flaws? (The fact that I don't get a prompt if I want to open the program)