TUCoPS :: Browsers :: hack3816.htm

Netsky.R, auto execute w/ IE6 ?
Netsky.R, auto execute w/ IE6 ? 


Hello all,

If this is something obvious that I have overlooked I apologize in
advance....

I have received several emails (W2K, Outlook 2000) that appear to be
Netsky.Q or Netsky.R.  When opened these emails launch the attachment
automatically.   In my case, the .pif file has already been removed by my
email server, so the text file that has replaced the virus carrying .pif is
launched by notepad.

Still, this is rather disturbing to me, since AFAIK this is not supposed to
happen.

According to this:
http://www.f-secure.com/v-descs/netsky_q.shtml 

Netsky uses an old IE / Outlook MIME type vulnerability to auto launch the
executable:
http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx 

This vulnerability, according to the article, only affects IE5, whereas I am
using IE6 SP1 + patches.

Just to be sure, I did a windows update for all the latest security patches.
Even after this, Outlook still opens the attached file on viewing the email.

Is this new or have I missed something?  I can post the message source if
anyone is interested.

Thanks,
Mike Sassaman

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH