TCS - Mail Delivery (failure don@donsingleton.com)

Mail Delivery (failure don@donsingleton.com)

by Don Singleton
Tulsa Computer Society
From the April 2004 issue of the I/O Port Newsletter

I received a message, supposedly from support@radmin.com with a subject of Mail Delivery (failure don@donsingleton.com)

The body of the message was:

If the message will not displayed automatically, follow the link to read the delivered message.
Received message is available at: www.donsingleton.com/inbox/don/read.php?sessionid-12249

However the link was not www.donsingleton.com/inbox/don/read.php?sessionid-12249 but rather mhtml:mid://00000039/!cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re which I suspect would have opened the attachment: message.zip which was infected with the W32.Netsky.P@mm virus.

The worm uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.

If you are still running either Microsoft Internet Explorer 5.01 or Microsoft Internet Explorer 5.5 you should check Microsoft Security Bulletin (MS01-020).

The patch was superceeded by the patch in Microsoft Security Bulletin MS01-027 so if you have installed it, you should be OK.

I run IE6, which I suppose already includes the patch, but I was happy that Norton AntiVirus detected the virus and removed the attachment.

For more information on the Tulsa Computer Society click here

Tulsa Computer Society 4/01/2004

Don Singleton, President

Mail Delivery (failure don@donsingleton.com)

by Don Singleton Tulsa Computer Society From the April 2004 issue of the I/O Port Newsletter

by Don Singleton
Tulsa Computer Society
From the April 2004 issue of the I/O Port Newsletter