GOOROO CROSSING: File Spoofing Internet Explorer 6

http-equiv_at_excite.com
Date: 01/27/04

  • Next message: Aaron J. Smith: "Re: FYI: Are you still looking for an excuse to block executable attachments?"
    Date:         Tue, 27 Jan 2004 17:27:21 -0000
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Tuesday, January 27, 2004

    Trivial file spoofing in Internet Explorer 6.0.2800.1106 and all
    of 'its' patches to date on WIN XP [probably others]:

    Content-Disposition: attachment; filename=malware.{3050f4d8-98B5-
    11CF-BB82-00AA00BDCE0B}fun_ball_gites_pie_throw%2Empeg"

    Absolute bare minimum working demo [perhaps even feeble] as we
    are absolutely confident the self-appointed resident gooroo will
    be along shortly handing out packets of two cents to everyone
    thus saving us the effort to illustrate in even greater detail
    to those lacking imagination:

    http://www.malware.com/gooroo.html

    End Call

    --
    http://www.malware.com
    -----
    NTBugtraq Editor's Note:
    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
    -----
    

  • Next message: Aaron J. Smith: "Re: FYI: Are you still looking for an excuse to block executable attachments?"