Re: CRIME Korean spam & Klez

From: Heidi Henry (mcps@private)
Date: Wed May 22 2002 - 08:23:47 PDT

  • Next message: Robert Myles: "Re: CRIME Korean spam & Klez"

    ----- Original Message -----
    From: jeffrey
    Sent: Wednesday, May 22, 2002 7:01 AM
    To: crime@private
    Subject: Re: CRIME Korean spam & Klez
    
    Most viruses come in as attachments. Most attachments come in with a
    .xxx suffix that can be filtered at the mail server level. I haven't
    accepted a .com, .vbs, .shr, etc. file via email in a long time,
    because of the probability of it being a virus.
    
    
    "It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients to execute the file attachment automatically. This is also known as Automatic Execution of Embedded MIME type.  
    The infected email contains the executable attachment registered as content-type of audio/x-wav or sometimes audio/x-midi so that when recipients view the infected email, the default application associated with audio files is opened. This is usually the Windows Media Player. The embedded EXE file cannot be viewed in Microsoft Outlook." (From Trend Micro)
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:23 PDT