North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Virus Update
- From: David Charlap
- Date: Thu May 04 18:59:24 2000
"Eric A. Hall" wrote:
>> Is Outlook Express immune to this or does it execute VB script too?
> If you have VBS installed (Windows Scripting Host) and you execute the
> attachment you will be in big trouble. This applies to all Windows
> mailers, whether it be Eudora or Communicator or whatever. AFAIK, the
> only mailer that automatically executes VBS is Outlook.
Many mail programs (including Netscape Communicator) have no VBS support
in them, so they can not execute virusses like this one.
Netscape Communicator has another feature which is especially good for
fighting e-mail virusses. It is impossible to execute an executable
attachment (VBS, EXE, whatever) directly from a mail message, news
message or web page. The user must explicitly save the attachment to
disk and execute it by hand.
This eliminates all the cases of people accidentally executing
attachments, thinking that they are actually document files of some
I don't know if Eudora has similar safeguards or not. I have not used
I know that Microsoft's mail programs (Outlook and Outlook Express) are
both lacking in such safeguards. It is possible for these programs to
launch executable attachments. They can also auto-launch them when the
message is opened.
One of them (I think Outlook) can also auto-launch attachments when the
message is selected (and displayed in the preview window) and not even
opened. This is a _BIG_ security hole that Microsoft has not fixed,
despite other virusses (like Melissa) which have already taken advantage