Re: BCC email virus

From: John Daniele (johnd@tsintel.com)
Date: 01/30/02


Date: Tue, 29 Jan 2002 20:04:25 -0500 (EST)
From: John Daniele <johnd@tsintel.com>
To: Meritt James <meritt_james@bah.com>


> Why just don't run emailed executables?

Because for as long as you are running an email client that interprets
vb/java/lotus/*scripting code, you are at risk. There have been cases
where executable code is automatically run simply by clicking on the
message as opposed to running it manually. I've also seen one one case
where the executable was executed accidently by buggy code implemented
as a part of the email client's export-attachment function.

----------------------------------
John Daniele
Technical Security & Intelligence
Toronto, ON
Voice: (416) 605-2041
Email: johnd@tsintel.com
Web: http://www.tsintel.com
----------------------------------