Re: virus question

[Chip Old]

On Sat, 20 Apr 2002, FDShade@aol.com wrote to fold@bcpl.net:

> I thought that the only way one might contract a virus was by opening an > attachment. Am I wrong?

Jim, you wrote that to me privately, but I'm replying to the whole list because they should all be aware of this. Hope you don't mind. In most cases you are right. If you receive an e-mail with a virus-carrying file attachment, it *probably* won't infect your PC unless you intentionally open the file attachment. Unfortunately there are exceptions. 1) Some older versions of Outlook and Outlook Express came from Microsoft set by default to automatically open all file attachments. Very very stupid, Microsoft! If your mail program is configured to open attachments automatically, then every virus that comes down the wire will infect your PC. Microsoft saw the error of their ways and provided instructions for changing the setting, and recent versions of Outlook and Outlook express have that option disabled, but there are still people out there with mail programs set to open attachments automatically. 2) Outlook and Outlook Express use Internet Explorer as a "helper program" to open certain types of file attachments. Several versions of Internet Explorer have a bug that makes it possible for a certain type of e-mail file attachment to open automatically even when the "auto open" option is disabled in Outlook or Outlook Express. The Explorer bug was widely publicized and Microsoft provided a patch for the affected versions of Internet Explorer, but a lot of people are still running the buggy unpatched copies of Explorer. The Klez.H worm that is currently plaguing us can take advantage of that Internet Explorer bug. The bug is present in Internet Explorer 5.01 (unless Service Pack 2 has been applied) and Internet Explorer 5.5. You'll find the patch on the Microsoft TechNet Web site at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp . Microsoft no loger supports earlier versions so will not say whether they are affected, but it is generally assumed that they are. If you have an older version you should upgrade to a newer one. 3) Some old versions of Internet Explorer have a bug that causes them to automatically run Javascript code embedded in the text of an e-mail message opened in Outlook Express. Very few virus writers have taken advantage of this bug, but it remains a threat. These viruses are not contained in a file attachment, they are contained in the JavaScript embedded within the message. Microsoft provided a patch for this way back in 1999, but there are still people running unpatched versions of Outlook and Outlook Express. The affected versions are Internet Explorer 4.0 and 5.0. The patch is available on the Microsoft TechNet Web site at http://www.microsoft.com/technet/prodtechnol/ie/downloads/scrpteye.asp . However, if you are using either of these old versions of Internet Explorer keep in mind that they cannot be patched to protect against viruses that work as described in #2 above. You really should upgrade to a newer version. -- Chip Old 1948 M.G. TC TC6710 XPAG7430 NEMGTR #2271 Cub Hill, Maryland 1962 Triumph TR4 CT3154LO CT3479E fold@bcpl.net

[Sam Suklis]

Hello, Chip: I was unaware of that, but it's good news to hear, because when my computer had a nervous breakdown six months ago, and attempted to kill itself, we reloaded with Windows Edition two, and IE 6.0. Of course, being Microsoft, I'm sure new vulnerabilities will show themselves...we just wait, watch......................and cringe. Best regards, Sam SS

----- Original Message ----- From: "Chip Old" fold@bcpl.net> To: "MG-TABC" mg-tabc@yahoogroups.com> Sent: Saturday, April 20, 2002 10:43 PM Subject: [mg-tabc] Re: virus question > On Sat, 20 Apr 2002, FDShade@aol.com wrote to fold@bcpl.net: > > > I thought that the only way one might contract a virus was by opening an > > attachment. Am I wrong? > > Jim, you wrote that to me privately, but I'm replying to the whole list > because they should all be aware of this. Hope you don't mind. > > In most cases you are right. If you receive an e-mail with a > virus-carrying file attachment, it *probably* won't infect your PC unless > you intentionally open the file attachment. Unfortunately there are > exceptions. > > 1) Some older versions of Outlook and Outlook Express came from Microsoft > set by default to automatically open all file attachments. Very very > stupid, Microsoft! If your mail program is configured to open attachments > automatically, then every virus that comes down the wire will infect your > PC. Microsoft saw the error of their ways and provided instructions for > changing the setting, and recent versions of Outlook and Outlook express > have that option disabled, but there are still people out there with mail > programs set to open attachments automatically. > > 2) Outlook and Outlook Express use Internet Explorer as a "helper program" > to open certain types of file attachments. Several versions of Internet > Explorer have a bug that makes it possible for a certain type of e-mail > file attachment to open automatically even when the "auto open" option is > disabled in Outlook or Outlook Express. The Explorer bug was widely > publicized and Microsoft provided a patch for the affected versions of > Internet Explorer, but a lot of people are still running the buggy > unpatched copies of Explorer. > > The Klez.H worm that is currently plaguing us can take advantage of that > Internet Explorer bug. > > The bug is present in Internet Explorer 5.01 (unless Service Pack 2 has > been applied) and Internet Explorer 5.5. You'll find the patch on the > Microsoft TechNet Web site at > http://www.microsoft.com/technet/security/bulletin/MS01-020.asp . > Microsoft no loger supports earlier versions so will not say whether they > are affected, but it is generally assumed that they are. If you have an > older version you should upgrade to a newer one. > > 3) Some old versions of Internet Explorer have a bug that causes them to > automatically run Javascript code embedded in the text of an e-mail > message opened in Outlook Express. Very few virus writers have taken > advantage of this bug, but it remains a threat. These viruses are not > contained in a file attachment, they are contained in the JavaScript > embedded within the message. Microsoft provided a patch for this way > back in 1999, but there are still people running unpatched versions of > Outlook and Outlook Express. > > The affected versions are Internet Explorer 4.0 and 5.0. The patch is > available on the Microsoft TechNet Web site at > http://www.microsoft.com/technet/prodtechnol/ie/downloads/scrpteye.asp . > However, if you are using either of these old versions of Internet > Explorer keep in mind that they cannot be patched to protect against > viruses that work as described in #2 above. You really should upgrade to > a newer version. > > -- > Chip Old 1948 M.G. TC TC6710 XPAG7430 NEMGTR #2271 > Cub Hill, Maryland 1962 Triumph TR4 CT3154LO CT3479E > fold@bcpl.net > > > > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > >