RE: [Full-Disc]: Xmas virus on the cards ?

["Rainer Gerhards" <rgerhards () hq adiscon com>]

> > > I noticed this article at http://www.vnunet.com/News/1151553 and
> > > it looks alarming - however did not find any more details. 
> >
> > To me, it sounds like someone has misunderstood the "social
> > engineering" of an URL that seems to lead to a picture...
> >
> > http://www.somedomain.com/picture.jpg
> >
> > Where "picture.jpg" is in fact a folder, not a file, so, a "normal"
> > HTML page is sent to the browser instead.

I just did a quick test. This works with executables quite well, too. I
used IIS, created a directory test.jpg, placed notepad.exe in it and
configured iis to use "notepad.exe" as default page.

Interestingly, in IE I not only received a warning but the file was also
not executable - I guess a little playing with the IIS mime map could
"fix" this. In Opera, I got a decent warning (even showing the correct
file name) and when I selected to "open" the file, I executed it.

I did not do any specific test, just a 2 minute try.

> > Aka, nothing to care about or filter at all, except trying to keep
> > your browser as safe as possible, to prevent exploits in the 
> > HTML-page.

I am not sure... this sounds indeed like a different quality. The
orginal poster told about html emails. I guess there can be done some
"fun" with this...

Rainer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html