Security Incidents mailing list archives
Re: [Bradley Chapman <eaglebtc () byu edu>] Timothy McVeigh "video" linklures IRC users to install sub7
From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 12 Jun 2001 13:34:56 -0400
The page itself is blank. After about 2 seconds, it forwards to an email link at: http://www.concentric.net/~1horizon/unknown.eml
The pages appear to be unavailable now. This may be coincidental but EML MIME types are the basis for exploits for the bug described in: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp There have been exploits available for some time that are pathetically easy to use. If a vulnerable browser visits a web site, any file can be dropped on the vulnerable client without notification or user action. http://www.kriptopolis.com/cua/eml.html The original poster indicated he opened the .eml file in Outlook Express. If he has a vulnerable version of IE, it is possible that his computer had the update.exe file dropped on it somewhere, probably the startup folder, even though he didn't click on an attachment. I've been expecting something bad to come from this for some time. http://www.jmu.edu/computing/info-security/engineering/issues/iemime.shtml -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- [Bradley Chapman <eaglebtc () byu edu>] Timothy McVeigh "video" link lures IRC users to install sub7 Adam Stanley (Jun 12)
- Re: [Bradley Chapman <eaglebtc () byu edu>] Timothy McVeigh "video" linklures IRC users to install sub7 Gary Flynn (Jun 12)