Re: [Declude.Virus] hlp attachments
http://msmvps.com/trafton/

Just added HLP to my block list.
(anyone want to vote, we just shut down the internet)

Greg

---
[This E-mail scanned for viruses by Findlay Internet]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] hlp attachments
Sure

For about two weeks until I get back from vacation... uh, we still get to charge for internet related services, right? ;^P

Darin.

- Original Message -
From: Greg Little [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Wednesday, December 29, 2004 12:59 PM
Subject: Re: [Declude.Virus] hlp attachments

http://msmvps.com/trafton/
Just added HLP to my block list.
(anyone want to vote, we just shut down the internet)
Greg
Re: [Declude.Virus] hlp attachments
HLP files aren't used to spread the viruses mentioned in that link (they used HTML exploits). There is some confusion going on here about the name of the vulnerability and the association with HLP files.

Although HLP files can be used to spread viruses, they are not currently being used by virus writers to spread any of these auto-replicating viruses, and the number of HLP viruses in the wild is quite low. Banned extensions are primarily useful for fast spreading viruses so that things can be blocked prior to new definitions becoming available, and if your list is chosen carefully, this can be done with minimal restriction to general E-mail use (most people don't send CPL, BAT, CMD, encrypted ZIP's, for instance, and shouldn't be sending EXE's at least without zipping them up).

So blocking HLP files is probably unnecessary, although sending HLP files is extremely uncommon and shouldn't be causing too many issues if you do.

Matt

Greg Little wrote:

http://msmvps.com/trafton/
Just added HLP to my block list.
(anyone what to vote, we just shut down the internet)
Greg

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
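The banned-extension policy discussed in the message above, as an added example that is not part of the original thread and is not Declude's implementation. The ban list, function names and sample message are assumptions constructed for illustration; as in the message, a zipped executable is allowed through while an encrypted ZIP is not.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed ban list: the extensions named in the message above, plus HLP.
BANNED_EXT = {"exe", "cpl", "bat", "cmd", "hlp"}

def banned_reasons(raw: bytes) -> list:
    """Return one reason string per attachment the policy would block."""
    reasons = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers
        # Only the last extension counts, so "invoice.pdf.exe" is an EXE.
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BANNED_EXT:
            reasons.append(f"{name}: banned extension .{ext}")
        elif ext == "zip":
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    # Bit 0 of a member's general-purpose flags means "encrypted".
                    if any(info.flag_bits & 0x1 for info in zf.infolist()):
                        reasons.append(f"{name}: encrypted ZIP")
            except zipfile.BadZipFile:
                reasons.append(f"{name}: unreadable ZIP")
    return reasons

def sample_message() -> bytes:
    """Constructed message with HLP, PDF and flagged-encrypted ZIP attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    # Set the encrypted bit in the central-directory entry (flags at offset 8).
    data[data.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name, blob in (("manual.hlp", b"x"), ("report.pdf", b"x"),
                       ("docs.zip", bytes(data))):
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(banned_reasons(sample_message()))
```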
RE: [Declude.Virus] hlp attachments
Hi John..

I had never heard of it but.. Here is a Google search result..

http://www.uts.edu.au/email/advanced/executable.html
http://office.microsoft.com/en-us/assistance/HA011402971033.aspx

Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, December 28, 2004 1:51 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] hlp attachments

I just had a client request blocking of hlp attachments. I have been extremely busy with 2 major projects and have not seen anything about this. Any one have information on a virus that uses that?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re: [Declude.Virus] hlp attachments
http://www.thechannelinsider.com/article2/0,1759,1745654,00.asp

Darin.

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: Declude.Virus@declude.com
Sent: Tuesday, December 28, 2004 1:50 PM
Subject: [Declude.Virus] hlp attachments

I just had a client request blocking of hlp attachments. I have been extremely busy with 2 major projects and have not seen anything about this. Any one have information on a virus that uses that?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re: [Declude.Virus] hlp attachments
FYI - Not sure about hlp, but there is an exploit with chm (windows help files).

Microsoft Internet Explorer Fully Automated Remote Compromise

Summary

A vulnerability exists in Microsoft Internet Explorer version 6.0 on Windows XP SP2 or Windows Server 2003 due to the combination of multiple known security holes found in Windows Service Pack 2. A remote attacker could exploit this vulnerability to execute arbitrary code on vulnerable systems with minimal user interaction.

Technical Analysis

hhctrl.ocx is the Microsoft HTML Help ActiveX control which supports all functions of the user help interface. The lack of restrictions set in Internet Explorer allow web pages to open any local webpage or a Windows Help file (.chm) compiled with HTML help via hh.exe, the HTML Help tool. An attacker may host a malicious web page that utilizes hhctrl.ocx to launch a help pop-up window that opens the location of a webpage or a Windows Help file (.chm) in the 'local' zone. hhctrl.ocx can then be used to navigate to a javascript handler that allows an arbitrary remote program to be injected into the previously opened page and executed. The HHClick() function can be used to automate the vulnerability and bypass the need for user interaction. Since some systems may not have this particular ActiveX control, successful exploitation requires Windows Server 2003 hosts to have hhctrl.ocx installed.

Platform: 1 - Microsoft
Product/version: XP SP2 and Server 2003

Links:
http://www.k-otik.com/exploits/20041228.CMDExe.php
http://www.freewebs.com/shreddersub7/expl-discuss.htm

Darrell

Kami Razvan writes:

Hi John..
I had never of it but.. Here is a Google search result..
http://www.uts.edu.au/email/advanced/executable.html
http://office.microsoft.com/en-us/assistance/HA011402971033.aspx
Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, December 28, 2004 1:51 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] hlp attachments

I just had a client request blocking of hlp attachments. I have been extremely busy with 2 major projects and have not seen anything about this. Any one have information on a virus that uses that?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers.
Re: [Declude.Virus] hlp attachments
> Any one have information on a virus that uses that?

New MS hotfixes from the last two days--one covers a vulnerability in WinHelp.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]