Malware Technique

Posted on January 13, 2005

For a long, long time it was the common mantra of Geeks that attachments
in email could not be automatically executed by simply handling the
email (opening, replying, forwarding). This hasn’t been the case for a while
now and this exploit/vulnerability amplifies the fact.

A new trend among “malware” authors is to use a vulnerability in MS
Outlook (*NOT* outlook express) to make attachments automatically execute
when the email item is FORWARDED to another recipient. So, the nasty
program may not run on YOUR machine but when you forward it to all 300 of
your closest personal friends it DOES run on THEIR machines…automatically.
A mitigating factor here is that the user, the one forwarding the note, must use
MS WORD as their email editor. If this person DOESN’T use Word as their
email editor, the program doesn’t run. That’s small comfort considering the
potential nastiness involved.

It’s important to note here that this is NOT a virus…it’s a technique.
The program that is forwarded may be caught by your anti-virus software and
it may not. You cannot rely on Anti-virus to protect against this.

It’s also important to note that the latest patches to Windows XP will
not protect against this. If you are vigilant with your patches (as I’m
sure you all are, right? *HINT*) and KNOW you are fully patched, do not
assume you are safe from this technique.

The ONLY way to protect yourself is to STOP using Word to edit emails.
While you’re at it, stop using HTML in your email altogether. Below are
some links that will walk you through disabling HTML and Word as email
editor. I know it’s a pain but what is more painful, losing all the cute
little graphics in your email or having to rebuild your computer? Thought
so. 😉

Outlook 2000
Outlook 2002
Outlook Express

From those links you should be able to figure it out if you are using a
different version of Outlook. If not, go here and find your program in the list.

Come on folks…join the Plain Text Email campaign!

Last modified on January 13, 2005

Categories: InfoSec