Vulnerability Development mailing list archives
Re: UPDATE on possible new "e-mail virus" concept ?
From: xm () GEEKMAFIA DYNIP COM (Jon Williams)
Date: Sat, 20 May 2000 08:58:02 -0400
Are you usre they're randomly named and its not just and MD5 checksum or something analogous? Ex Machina (xm () geekmafia dynip com) http://geekmafia.dynip.com/~xm/ phone: 1-877-LPT-WHIP icq: 3387005 aim: ExMachina GnuPG Keyprint: 0627 C3A8 DE25 F7FB 46BD 4870 2006 CF7F EBDA 949D On Fri, 19 May 2000, Jim Paris wrote:
Date: Fri, 19 May 2000 22:14:12 -0400 From: Jim Paris <jim () JTAN COM> To: VULN-DEV () SECURITYFOCUS COM Subject: Re: UPDATE on possible new "e-mail virus" concept ?- If changing directories is not possible, could it be possible to send someone an e-mail with a image source : http://www.server.com/virus.com (with that virus.com being a com file that starts with BM) and enclose a .url file as an attachement that points to file:///c:/temp-inet-files/virus.com (Using a link in the HTML code will not work as it will ask prompt you for a download dir)This is nothing new. It's been done before. And exploited before. And Microsoft fixed the hole. Cache directories for IE are now randomly named. That's why a "dir /ad c:\windows\tempor~1\content.ie5" on my system returns: Volume in drive C is JIM Volume Serial Number is 133A-1F67 Directory of C:\WINDOWS\Temporary Internet Files\Content.IE5 . <DIR> 08-20-99 10:15a . .. <DIR> 08-20-99 10:15a .. 2E1HORCP <DIR> 05-04-00 4:06a 2E1HORCP 6DBN5IXF <DIR> 05-04-00 4:06a 6DBN5IXF 6ZWDGF4H <DIR> 05-04-00 4:07a 6ZWDGF4H 8DEBSDIR <DIR> 05-04-00 4:06a 8DEBSDIR CPEV0L2M <DIR> 05-04-00 4:06a CPEV0L2M GP8HBR4O <DIR> 05-04-00 4:06a GP8HBR4O HG3TWMMW <DIR> 05-04-00 4:06a HG3TWMMW I60CP4EH <DIR> 05-04-00 4:06a I60CP4EH K1KE6LVN <DIR> 05-04-00 4:06a K1KE6LVN RC1EW5ID <DIR> 05-04-00 4:06a RC1EW5ID S79O3RUD <DIR> 05-04-00 4:06a S79O3RUD XK8291QN <DIR> 05-04-00 4:06a XK8291QN 0 file(s) 0 bytes 14 dir(s) 1,528.41 MB free -jim
Current thread:
- Re: Netscape forms using standard windows controls, (continued)
- Re: Netscape forms using standard windows controls Derek Reynolds (May 21)
- Re: Netscape forms using standard windows controls Pavel Kankovsky (May 22)
- Re: Netscape forms using standard windows controls Chon-Chon Tang (May 22)
- Re: Why not a changeling? Bluefish (May 21)
- TopLayer layer 7 switch Advisory User nawk (May 20)
- Re: chsh Segfault on FreeBSD 3.3 Pavol Luptak (May 20)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Taneli Huuskonen (May 19)
- CAU Technologies, Inc. Security Advisory 2000.05.19.001 : Default Syslog Installations Security Advisory (May 19)
- UPDATE on possible new "e-mail virus" concept ? Zoa_Chien (May 19)
- Re: UPDATE on possible new "e-mail virus" concept ? Jim Paris (May 19)
- Re: UPDATE on possible new "e-mail virus" concept ? Jon Williams (May 20)
- Windows IP Fragment Reassembly Vulnerability Masial (May 20)
- Re: Windows IP Fragment Reassembly Vulnerability Mikael Olsson (May 21)
- Re: Outlook HTML VBS (demo) Michael Hendy (May 21)
- Re: Outlook HTML VBS (demo) Masial (May 22)
- Re: Windows IP Fragment Reassembly Vulnerability Blue Boar (May 21)
- Re: UPDATE on possible new "e-mail virus" concept ? Jim Paris (May 19)
- krb5 1.1.1 Mariusz Woloszyn (May 22)
- Re: Windows IP Fragment Reassembly Vulnerability Pete Philips (May 23)
- Re: UPDATE on possible new "e-mail virus" concept ? Bluefish (May 20)