Hello Jonathan,

On Tuesday, June 11, 2002 at 6:19:56 PM you wrote in
mid:[EMAIL PROTECTED] (at least in part):

JA> Guess I need to give an example... Take... erm... SubSeven. Has a
JA> small program that 'encapsulates' files... Run it onto a .jpg file it
JA> increases the .jpg file by maybe 300kb... file extension is *still*
JA> .jpg (no hidden extensions, or anything like that), and the file is
JA> now executable, and causes infection with the subseven trojan.

If this is true, IE simply parses the beginning of that file and executes a
system call as already mentioned in

mid:[EMAIL PROTECTED]

Try installing "Irfan View" (http://www.irfanview.com/) and make it handle
'.jpg' files per default.

Now open the file 'the normal way', I assume you double clicked it.
See IrfanView give you the error message and check if the infection is
still done?! No? I guess so it's not! Why? Because IE su**z and tries to be
'clever' ... it executes system calls similar to when you type

start my_document.doc

on the command line (which opens Word or whatever is assigned to handle
'.doc'), without any serious reason. If a file is named '.jpg' and IE is
set up to handle '.jpg' and it knows '.jpg' is _an image format_, it should
only call functions to render a (JPG-)image, nothing more, nothing less.
If this image is invalid an error message has to appear. Nothing more,
nothing less. No additional execution of whatever.

But as already mentioned: try this with IrfanView, and I guess (I nearly
bet my *** *G*) it won't execute even a single bit of malicious code :-)
-- 
Regards
Peter Palmreuther                            mailto:[EMAIL PROTECTED]
(The Bat! v1.60q on Windows 2000 5.0 Build 2195 Service Pack 2)

When you don't have an education, you've got to use your brains. 
- Anonymous -
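
Added example, not part of the original message: a content-based check that ignores the file name, compares the leading bytes with the claimed '.jpg' extension, and reports data that follows the JPEG end-of-image marker. The thread does not say where the wrapper tool places its payload, so covering both positions is an assumption; the function names and sample bytes are constructed for this illustration.

```python
import os
# Leading signatures ("magic bytes") mapped to a content type.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"MZ": "pe-executable"}
RST = set(range(0xD0, 0xD8))     # restart markers RST0-RST7, no length field

def sniff(data):
    """Classify content by its first bytes, ignoring the file name."""
    return next((kind for sig, kind in MAGIC.items() if data.startswith(sig)), "unknown")

def jpeg_end(data):
    """Walk the JPEG marker segments; return the offset just past EOI, or None."""
    i, n = 2, len(data)
    while i + 2 <= n:
        if data[i] != 0xFF:
            return None
        marker = data[i + 1]
        if marker == 0xD9:                            # EOI: end of image
            return i + 2
        if marker == 0xFF or marker in RST | {0x01}:  # fill byte, or marker without length
            i += 1 if marker == 0xFF else 2
            continue
        seglen = int.from_bytes(data[i + 2:i + 4], "big")
        if seglen < 2:
            return None
        i += 2 + seglen
        if marker == 0xDA:                            # SOS: skip entropy-coded data
            while i + 1 < n and (data[i] != 0xFF or data[i + 1] in RST | {0x00, 0xFF}):
                i += 1
    return None

def check_file(filename, data):
    """Return findings for a file whose name claims it is a JPEG image."""
    findings, kind = [], sniff(data)
    ext = os.path.splitext(filename)[1].lower()
    if ext in {".jpg", ".jpeg"} and kind != "jpeg":
        findings.append(f"extension {ext} but content looks like {kind}")
    if kind == "jpeg":
        end = jpeg_end(data)
        if end is None:
            findings.append("JPEG structure is malformed or truncated")
        elif end < len(data):
            findings.append(f"{len(data) - end} bytes after JPEG end-of-image marker")
    return findings

# Constructed samples: a structural JPEG skeleton (SOI, APP0, SOS, EOI), not a renderable image.
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
         + b"\xff\xda\x00\x08" + bytes(6) + b"\x12\xff\x00\x34" + b"\xff\xd9")
WRAPPED = CLEAN + b"MZ" + bytes(100)   # constructed: extra data appended after EOI
RENAMED = b"MZ" + bytes(64)            # constructed: executable header under a .jpg name
```

Trailing bytes after the end-of-image marker are a reason to look closer rather than proof of tampering, since some software appends its own data to JPEG files.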

