Web Hosting Forum | Lunarpages
News: July 14, 2008 - New Contest! - Submit Your WordPress Theme Designs, Win BIG!
June 30, 2008 - Submit Your Site for the July 08 Site of the Month Award!
 
Home Help Search Calendar Login Register
*
Welcome, Guest. Please login or register.
Did you miss your activation email? 		July 25, 2008, 06:37:37 PM


Login with username, password and session length


Web Hosting Forum | Lunarpages > Lunarpages Web Hosting - Advanced Assistance > Lunarpages - Web Hosting, Email & PC Security > EMAIL
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: EMAIL  (Read 458 times)
TWebMan
Quantum Encyclopedia Writer
*****
Offline Offline

Posts: 3113



WWW
« on: November 13, 2001, 06:20:00 PM »
So far, I only know of one virus that can run without you opening an email-that is in the preview pane of Outlook Express.  It's the NIMDA.  This virus can attach itself to an html email or a web page, embed itself, and all you have to do is view the email or the web page and you are infected.  For all the other ones, here's some simple rules to keep your email safe:
1. Never ever ever just open an attachment.
  Right-click on it and choose to save it to disk.  Once it's saved, scan it with your virus scanner.  That simple step alone will protect you from most virus attachments.  Once it's deemed safe, then open it.  Even attachments that appear to be images can contain a virus.  It's popular to rename a virus to .jpg.pif and your system will only show you the .jpg extention!  If you ever get an attachment like that, you can be sure it's a virus.  Zone Alarm and other firewall/anti-virus programs will also 'quarantine' attachments, but quarantine does not mean safe.  You still need to scan the file.
Logged
"Computers cause people to make more mistakes than any other invention in history, with the possible exception of handguns and tequila."  - Unknown
"Liberty of any kind is seldom lost all at once." - D. Hume
Every day is an Ode to Joy
The planet will be fine... and so will your site
stephan
Berserker Poster
*****
Offline Offline

Posts: 5587



WWW
« Reply #1 on: November 13, 2001, 08:11:00 PM »
I got a different one a long time ago. I can't remember what it was called but it ran from the preview pane of Outlook Express.

Microsoft released a patch which you can get from windowsupdate.microsoft.com if you need it.
Logged
Santos
Jabba the Hutt
*****
Offline Offline

Posts: 562


WWW
« Reply #2 on: November 13, 2001, 08:57:00 PM »
Im sorry web man that description is incorrect, at least pertially...

NIMDA - Reverse spelling for ADMIN  

The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.

Here is the part where you were wrong web man --> If you visit a compromised Web server, you will be prompted to download an .eml (Outlook Express) email file, which contains the worm as an attachment. You can disable "File Download" in your Internet Explorer internet security zones to prevent this compromise.

So basically if you dont use outlook or dont agree to download the fuile you will be safe    That simple.

Also windows XP of COURSE is not vulnurable nim soo gona use that os    

The W32/Nimda-A virus can infect users of the Windows 95/98/Me operating systems as well as Windows NT and 2000 XP is not vulnurable.

Read my security checklist for complete email protection  
Logged
Smile, it makes people wonder what you're up to...
TWebMan
Quantum Encyclopedia Writer
*****
Offline Offline

Posts: 3113



WWW
« Reply #3 on: November 14, 2001, 01:09:00 AM »
Ah, I stand corrected.  I did get that one through an email, and I have the security patch for OE.  Patch will go into OE before account goes in.          Here's what I read at NAI:
   
quote:
The email messages created by the worm specify a content-type of audio/x-wav and contain an executable attachment type. Thus when a message is accessed, the attachment can be executed without the user's knowledge. Simply viewing the page in Microsoft Outlook or Microsoft Outlook Express using the preview pane can infect you. Other mail clients can still receive these email messages, but double-clicking the attachment would be required to execute the virus. WinNT/2K systems cannot be infected from an email message.

When infecting, it appends .ASP, .HTM, and .HTML documents, and files named INDEX, MAIN, and DEFAULT, with javascript code which contains instructions to open a new browser window containing the infectious email message itself (taken from the dropped file README.EML). Thus when this infected web page is accessed (locally or remotely) the machine viewing the page is infected. In other words, simply visiting a web site that is compromised can infect your computer. WinNT/2K systems cannot be infected by accessing an infected .ASP, .HTM, or .HTML document.

-- I did know about the fact that it infects IIS 3-4 (imagine that)and won't affect NT-type clients.  Now, correct me please (again) if I'm wrong.  According to the above, infection from a web page is achieved through a javascript window.  Once that window has opened, you know the content is saved to your cache folder.  At that point, are you not infected? That is, on an unprotected system as per:
   
quote
Quote
All users running Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2), are advised to install this patch for the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability.
This leads me to believe that the virus can be downloaded as general content to be cached.  Of course, even at that point it's useless without an execution method.  But, again, would the browser not think that it's just getting an audio file attached to a web page, therefore downloading to temp/cache, and executing?
The security checklist is yet another among the excellent resources making up this forum!  KUDOS!

[ November 14, 2001: Message edited by: TWebMan ]
Logged
"Computers cause people to make more mistakes than any other invention in history, with the possible exception of handguns and tequila."  - Unknown
"Liberty of any kind is seldom lost all at once." - D. Hume
Every day is an Ode to Joy
The planet will be fine... and so will your site
Santos
Jabba the Hutt
*****
Offline Offline

Posts: 562


WWW
« Reply #4 on: November 14, 2001, 01:26:00 AM »
quote:

But, again, would the browser not think that it's just getting an audio file attached to a web page, therefore downloading to temp/cache, and executing?


That was somnewhat wrong but the rest of your assumption is correct.

Good eye webman      
Bastard        You got me..

I was looking, of course, from my set of mind that i have downloaded the latest patches via critical updates. Here is what happens to usecure unpatched IE.

NIMDA looks for IIS web servers suffering from the Unicode Directory Traversal vulnerability. It attempts to alter the contents of pages on such servers, hunting for the following filenames:

index.html
index.htm
index.asp
readme.html
readme.htm
readme.asp
main.html
main.htm
main.asp
default.html
default.htm
default.asp

If it finds one of the above files on the web server the virus attempts to alter the contents of the file, adding a section of malicious Javascript code to the end of the file.

If the website is then browsed by a user with an insecure version of Internet Explorer, (UNPATCHED) the malicious code automatically downloads a file called readme.eml onto the user's computer - which is then executed, forwarding the virus once more.

Hehe so instead, I STAND CORRECTED. Yes average ususpecting user would have been infected by simply viewing the site whose servers were infected      

Nice eye and props to you      

[ November 14, 2001: Message edited by: Santos ]
Logged
Smile, it makes people wonder what you're up to...
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.3 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks

Valid XHTML 1.0! Valid CSS! Dilber MC Theme by HarzeM