nanog mailing list archives
Re: Possibly yet another MS mail worm
From: Curtis Maurand <curtis () maurand com>
Date: Mon, 1 Mar 2004 10:38:15 -0500 (EST)
On Mon, 1 Mar 2004, Todd Vierling wrote:
On Mon, 1 Mar 2004, Curtis Maurand wrote: : Sure they do....its called COM/DCOM/OLE/ActiveX or whatever they : want to call it this week. Its on every windows system. No, my point was that the majority of newer trojan mail viruses don't depend on ActiveX exploits -- they simply wait, dormant, for a n00b to click on this mysterious-looking Zip Folder, and the mysterious-looking EXE inside. It's as if the modern e-mail viruses are closer to human infections. Only the clueful are immune. 8-)
The latter is very true. My point is that the COM/DCOM/OLE/ActiveX is what allows for a script in an email message that gets executed to have access to the rest of the system, rather than executing within a protected sandbox. Of course scripts within email messages shouldn't execute at all. Once they do execute, they have access to the OLE objects on the machine. Its a security hole big enough to drive a tank through.
-- -- Curtis Maurand mailto:curtis () maurand com http://www.maurand.com
Current thread:
- Re: Possibly yet another MS mail worm, (continued)
- Message not available
- Re: Possibly yet another MS mail worm Rubens Kuhl Jr. (Feb 29)
- Re: Possibly yet another MS mail worm Michael Wiacek (Feb 29)
- RE: Possibly yet another MS mail worm Steve Birnbaum (Mar 01)
- Possibly even yet another MS mail worm Mike Nice (Mar 01)
- Re: Possibly even yet another MS mail worm Stephen J. Wilcox (Mar 01)
- Re: Possibly even yet another MS mail worm Jeff Shultz (Mar 01)
- Re: Possibly even yet another MS mail worm Laurence F. Sheldon, Jr. (Mar 01)
- Re: Possibly yet another MS mail worm Todd Vierling (Mar 01)
- Re: Possibly yet another MS mail worm Laurence F. Sheldon, Jr. (Mar 01)
- Re: Possibly yet another MS mail worm Curtis Maurand (Mar 01)
- Re: Possibly yet another MS mail worm Sam Stickland (Mar 01)
- Re: Possibly yet another MS mail worm John Palmer (Mar 01)
- Re: Possibly yet another MS mail worm David A. Ulevitch (Mar 01)
- Re: Possibly yet another MS mail worm Valdis . Kletnieks (Mar 01)
- Re: Possibly yet another MS mail worm Leo Vegoda (Mar 01)
- Re: Possibly yet another MS mail worm Randy Bush (Mar 01)
- Re: Possibly yet another MS mail worm Henry Linneweh (Mar 01)
- Re: Possibly yet another MS mail worm Valdis . Kletnieks (Mar 01)
- Re: Possibly yet another MS mail worm John Palmer (Mar 01)