Results 1 to 6 of 6
  1. #1
    New Lounger
    Join Date
    Feb 2004
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Virus from WWW (Outlook 2003)

    Here is an attachment inserted by my McAfee A/V to an email proportedly from WWW:

    The subject was: WWW #7.03-Win98 support update


    ****************** McAfee VirusScan ************************
    ******* Alert generated at: Wed, 04 Feb 2004 17:11:30 -0500 *********
    ************************************************** *******************

    McAfee VirusScan has detected a potential threat in this e-mail
    sent by Woody's WINDOWS Watch <wow-robot@woodyswatch.com>.
    The following actions were attempted on each suspicious part.
    We strongly recommend that you report this virus-related activity
    to Woody's WINDOWS Watch <wow-robot@woodyswatch.com>.


    The attachment "E-mail body" is infected with the Exploit-URLSpoof.gen Trojan(s).
    This attachment has been quarantined.
    ================================================== ==

    Here's the email header info:

    I mangled my email address with xxx@xxx.net

    Delivered-To: xxx@xxx.net
    Received: by iris1.directnic.com (iris/0.131:360151); 4 Feb 2004 22:10:10 +0000
    Received: from caseyjones.dundee.net (HELO lists.woodyswatch.com) (216.234.106.37)
    by pop.directnic.com (iris/0.131:360151) with SMTP
    for <xxx@xxx.net> (rule 360151); 4 Feb 2004 22:10:40 +0000
    X-Envelope-Sender: bounce-www-23022769@lists.woodyswatch.com
    X-Envelope-Recipient: xxx@xxx.net
    Return-Path: bounce-www-23022769@lists.woodyswatch.com
    From: Woody's WINDOWS Watch <wow-robot@woodyswatch.com>
    To: xxx@x.net
    Subject: WWW #7.03- Win98 support update
    Date: Wed, 04 Feb 2004 17:10:11 -0500
    MIME-Version: 1.0
    Content-Type: Multipart/Mixed;
    boundary="----=_NextPart_000_00ED_01C2F57F.F3E09A70"
    Content-Transfer-Encoding: 8bit
    List-Unsubscribe: <mailto:leave-www-23022769K@lists.woodyswatch.com>
    List-Subscribe: <mailto:subscribe-www@lists.woodyswatch.com>
    List-Owner: <mailtowner-www@lists.woodyswatch.com>
    X-List-Host: Woody's Watch <http://www.woodyswatch.com>
    Reply-To: Woody's WINDOWS Watch <www.robot@woodyswatch.com>
    Sender: bounce-www-23022769@lists.woodyswatch.com
    Message-Id: <LYRIS-23022769-14346837-2004.02.04-17.10.13--acp#bishopdrive.net@lists.woodyswatch.com>

    =================================================

    Is the a "Woody" problem?

    Thanks.....

  2. #2
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus from WWW (Outlook 2003)

    I received WWW in excatly the same mailing through Norton Anti-Virus (fully updated) and recxeived no such warning. There is no trace of infection in the source HTML.
    Gre

  3. #3
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Salt Lake City, Utah, USA
    Posts
    9,508
    Thanks
    0
    Thanked 6 Times in 6 Posts

    Re: Virus from WWW (Outlook 2003)

    See the <!post=Newsflash,339674>Newsflash<!/post>.
    -John ... I float in liquid gardens
    UTC -7DS

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Roanoke area, Virginia, USA
    Posts
    3,729
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus from WWW (Outlook 2003)

    This is more evidence that Email scanning should be turned off on the clients. It wastes resources to tell you that messages that are easily identified as spam or virus and which you'll delete immediately without question are infected and tells you mail that isn't infected is. It also slows down mail retrieval and only provides early warning of infected messages that you know to delete anyway.

    Outlook uses a secure temp folder for attachments before opening them and as long as the scanner is set to scan all writes to the drive, you're protected (as well as you are with email scanning) if you open one without thinking.

  5. #5
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Vienna, Wien, Austria
    Posts
    5,009
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus from WWW (Outlook 2003)

    This has to be coupled with an anti-HTML policy - otherwise there is a definite risk of e-mail address validation. Validation arises from "call home" code in the incoming mail - and is triggered when the mail is inadvertently opened.
    Gre

  6. #6
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Roanoke area, Virginia, USA
    Posts
    3,729
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus from WWW (Outlook 2003)

    Outlook 2003 blocks web bugs by default and includes an easy to toggle off method of reading all mail as plain text. But in all honesty, few people care about web bugs and those who do have been blocking them (and pop up ads) for years using other methods. google the microsoft newsgroups - the blocked web content gets an awful lot of complaints.for something so good and so easy to turn on per message.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •