Re: [unisog] Some more details on the worm

From: Gary Flynn (flynngnat_private)
Date: Tue Sep 18 2001 - 12:57:30 PDT

Next message: John Q. Public: "Re: Fwd: Massive CMD.EXE and ROOT.EXE scan"

Previous message: FYOM: "Re: Explorer Dr. Watsons"
In reply to: Davis, Matt: "Some more details on the worm"
Next in thread: Steiner, Michael: "RE: Some more details on the worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Can anyone confirm that the reason the exe gets run from
the eml is because of the IE bug described here:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

and that disabling file downloads will prevent it?

" Would IE always execute the attachment?

  No. IE would only execute the attachment if File Downloads 
  were enabled in the Security Zone that the e-mail was opened 
  in. However, File Downloads are enabled in all zones by default. "

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: John Q. Public: "Re: Fwd: Massive CMD.EXE and ROOT.EXE scan"
Previous message: FYOM: "Re: Explorer Dr. Watsons"
In reply to: Davis, Matt: "Some more details on the worm"
Next in thread: Steiner, Michael: "RE: Some more details on the worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 13:14:41 PDT