Free/Libre Software and Community Networking FORUM

comnet-www: Viruses...and design flaws.

From: Russell McOrmond <russell_-at-_flora.ca>
To: Free/Open-Source Software Community Networking/Computing <comnet-www_-at-_flora.org>
Date: Thu, 2 Jan 2003 11:59:28 -0500 (EST)

  I have seen a number of viruses come in with 3 parts, and I am wondering 
which particular client bugs they are attacking.  I'd like to do a bit 
more analysis.

   1     ~4 lines   Text/HTML   
   2     91 KB      Audio/X-WAV
   3    629 lines   Text/PLAIN                                                  


The message starts as:

  --S6r3yJ8Tz7N7Hpy420Vf1P2V9UQ5c4
  Content-Type: text/html;
  Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:Y2oNnkR6i1321107o51 height=3D0 width=3D0>
</iframe>
<FONT></FONT></BODY></HTML>

  --S6r3yJ8Tz7N7Hpy420Vf1P2V9UQ5c4
  Content-Type: audio/x-wav;
        name=Xik.bat
  Content-Transfer-Encoding: base64
  Content-ID: <Y2oNnkR6i1321107o51>

[...etc...]


   And the text/plain appears to have the following (as text - given there
is a blank line after the separator):

  --S6r3yJ8Tz7N7Hpy420Vf1P2V9UQ5c4

  Content-Type: application/octet-stream;
        name=srch[1].htm
  Content-Transfer-Encoding: base64
  Content-ID: <Y2oNnkR6i1321107o51>

[....etc]



  I am wondering what bugs this is targeted at.  Do some popular graphical
email packages actually allow remote attackers to embed attachments like
this such that viruses will be auto-executed as soon as the message is
opened?

  This reminds me of Mike Richardson's suggestion that Microsoft is
criminally negligent due to their implementation of MIME-capable client
software <http://www.digital-copyright.ca/discuss/1563>.  I wonder,
however, if AOL (via Netscape)  and other packages are similarly
vulnerable.

  Has anyone evaluated Evolution or Mozilla.org on this question to see if
they are treating security issues with more concern?  I assume that they
are handling things properly (almost anyone seems to be better at security
than Microsoft), but since I still primarily use a text-mode email package
(PINE) I don't really know first-hand.

---
 Russell McOrmond, Internet Consultant: <http://www.flora.ca/>
 Any 'hardware assist' for communications, whether it be eye-glasses, 
 VCR's, or personal computers, must be under the control of the citizen 
 and not a third party.   -- http://www.flora.ca/russell/
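
A mail-filter check for the structure quoted in the message above, added here as an example and not part of the original post: it flags any MIME part that an HTML part loads through a frame `cid:` reference while its file name carries an executable extension, whatever Content-Type it declares. The function name, the extension list, the top-level multipart header and the placeholder base64 body are assumptions made for the example.

```python
import email
import os
import re
from email import policy

# Illustrative list of extensions Windows runs when the file is opened.
EXECUTABLE_EXT = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs"}
# <iframe src=cid:...> or <frame src=cid:...>, quoted or unquoted.
FRAME_CID = re.compile(r"<\s*i?frame\b[^>]*\bsrc\s*=\s*[\"']?cid:([^\s\"'>]+)", re.I)

# Constructed sample: part headers follow the quoted message; the top-level
# header and the base64 body (the word "placeholder") are made up.
SAMPLE = b"""\
Content-Type: multipart/related; boundary="S6r3yJ8Tz7N7Hpy420Vf1P2V9UQ5c4"

--S6r3yJ8Tz7N7Hpy420Vf1P2V9UQ5c4
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:Y2oNnkR6i1321107o51 height=3D0 width=3D0>
</iframe>
<FONT></FONT></BODY></HTML>

--S6r3yJ8Tz7N7Hpy420Vf1P2V9UQ5c4
Content-Type: audio/x-wav;
        name=Xik.bat
Content-Transfer-Encoding: base64
Content-ID: <Y2oNnkR6i1321107o51>

cGxhY2Vob2xkZXI=
--S6r3yJ8Tz7N7Hpy420Vf1P2V9UQ5c4--
"""

def hidden_executable_frames(raw: bytes):
    """Return (cid, declared_type, filename) for each frame-loaded executable part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    by_cid = {str(p["Content-ID"]).strip().strip("<>"): p
              for p in leaves if p["Content-ID"]}
    findings = []
    for part in leaves:
        if part.get_content_type() == "text/html":
            # get_content() undoes quoted-printable, so "src=3Dcid:" becomes "src=cid:".
            for cid in FRAME_CID.findall(part.get_content()):
                target = by_cid.get(cid)
                name = (target.get_filename() or "") if target is not None else ""
                if os.path.splitext(name)[1].lower() in EXECUTABLE_EXT:
                    findings.append((cid, target.get_content_type(), name))
    return findings
```

The reported tuple keeps the declared type next to the file name so the disagreement between the two (`audio/x-wav` against `.bat`) is visible in the filter's log.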


