An interesting thought, though you'd have to get the virus to propogate prior to Outlook crashing. Otherwise you'd have to send a heck of a lot of messages yourself. -Mike On Tue, 23 Oct 2001, Blue Boar wrote: > > A few of my co-workers and I were just discussing the new error reporting > > functions of Internet Explorer, and we came up with a nasty idea for a virus > > utilizing that function as a method of causing a DoS. The idea is to write > > a virus that propagates through email (nothing new here) and exploits > > Outlook and Outlook Express to achieve that propagation. This virus would > > essentially cause the autopreview pane of Outlook to open viewing some type > > of HTML/ASP, etc in a way that would cause IE to crash when attempting to > > sort it. At that point, with the more recent releases of IE, there would be > > an automatic initiation of debug data sent to Microsoft, through using DNS > > to resolve. > > > > Obvious effects would be a likely DoS on business networks and on > > Microsoft's debug servers. Other effects could include difficulty in > > reaching and downloading patches for the vulnerabilities in the software (if > > Microsoft patch servers are utilizing the same WAN link as the debug > > servers), as well as possible effects upon DNS servers, especially at > > Microsoft. In addition, as has already been talked about, an enormous > > amount of private information possibly stored on the debugs would be > > forwarded as well. I would imagine that this type of virus could also > > effect other kinds of "bugzilla" services. > > > > Just a thought... >
This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 09:34:31 PDT