Brita wrote: > I thought Mike D had put in a fix for it already. Yikes, what an ugly > bug showed up on my screen. But not for long.
Okay, it took me a while to find out where this bug came from. Yes, it was the post from Nancy, dbl...@cfl.rr.com, to the "Personal Experience Update" thread. The bug is an embedded Visual Basic script in the HTML portion of Nancy's e-mail. She's using Microsoft Outlook Express and has HTML formatting turned on. This allows Outlook to embedd one copy of the message in one part of the MIME multipart message, labeled "Content-Type: text/plain" ... ... followed by another copy of her message identified as "Content-Type: text/html" ... this one formatted in HTML, which adds *LOTS* of size and no informational value to her message, but allows her to use bold, italics, various fonts and character sizes, colors and whatever, if she chooses. Unfortunately, HTML formatting also permits the message to contain an executable script, embedded invisibly right along with the text of her message, contained within <script>... </script> tags. Everything in between appears to my untrained eye to be a Visual Basic Script ActiveX control which seems, at least, to modify autoexec.bat and add lines to the registry. I also understand from further study that it mucks around with Outlook Express settings as well, making a copy of itself the default signature file for messages you send out using Outlook, thus assuring its propagation to other systems. You can get more info about this worm at the following URL: http://www.antivirus.com/pc-cillin/vinfo/ Kakworm is one of the "top 10 viruses" in the list, or you can enter kakworm.a in the search window... Brita wrote: > I thought Mike D had put in a fix for it already. I've blocked parts of a multipart message which contain executables, batch files, scripts and the like. I haven't done anything to block embedded scripts like this. In fact it's the first example I've seen of the fabled "malicious HTML" they've always warned us about. I didn't get the bug because my mail reader always asks if I want to view HTML messages in the browser or as plain text. I always choose text. Outlook Express users are not so lucky, as the default configuration displays the message in the "preview" window, which, due to a gaping security flaw, actually allows the script to execute and infect the system. I believe that the most current updates to Outlook Express and Internet Explorer plug this security hole, but everybody who has *not* visited the Microsoft Update web site on a regular basis is still vulnerable (which I imagine is most people). Can anybody give us concise instructions for upgrading our security settings to make it less likely to catch this sort of bug? I'll start doing some digging to see if I can find or build a procmail script to strip out embedded scripts from HTML, or maybe tackle the job of dumping HTML entirely, tho that's a whole 'nuther level of complexity, so I hear, given the inglorious profusion of incompatible variations on all the standards. Once again, this foolishness is brought to you by the highly competent and skilled programmers at Microsoft... <sigh> Be well, Mike Devour silver-list owner [Mike Devour, Citizen, Patriot, Libertarian] [mdev...@eskimo.com ] [Speaking only for myself... ] -- The silver-list is a moderated forum for discussion of colloidal silver. To join or quit silver-list or silver-digest send an e-mail message to: silver-list-requ...@eskimo.com -or- silver-digest-requ...@eskimo.com with the word subscribe or unsubscribe in the SUBJECT line. To post, address your message to: silver-list@eskimo.com Silver-list archive: http://escribe.com/health/thesilverlist/index.html List maintainer: Mike Devour <mdev...@eskimo.com>
