[prev in list] [next in list] [prev in thread] [next in thread]
List: inet-access
Subject: New Mimail.C Worm -- different in WinZip than Explorer?
From: Rick Kunkel <kunkel () w-link ! net>
Date: 2003-10-31 22:04:09
[Download RAW message or body]
Hello all,
Off topic I guess...(if there IS a consistent topic here)...BUT...
I got the Mimail.C worm in an email today. I use Pine, so normally I have
no probs with these Microsoft vulnerabilities. However, I was fairly
certain this was a virus, so i downloaded it to my windpows desktop and
double-clicked it. Right now, .zip files are associated with Windows
Explorer, so it should have opened in there. However, it didn't. I got
that disconecerting half-second of hourglass, and then nothing.
"Damn," I though. Then I opened WinZip and opened the .zip file. Inside,
there was the photos.jps.exe file that I guess is infected.
A scan proved that I HAD gotten infected...
My question is this: Is there a screwed up vulnerability in the handling
of .zip files in windows explorer? Did I actually EXECUTE the contents of
that zip file? It would appear so.
Or, would this have executed if .zip was associated with WinZip as well?
Somehow, I doubt it.
(Also, I read somewhere that the REAL filename was photos.zip.exe or
something weird like that. I see no indication of this, either in the raw
email itself, or in the dos filename, or ANYWHERE.)
THanks,
Rick Kunkel
_______________________________________________
"Eat sushi frequently". - Avi
inet@inet-access.net is the human contact address.
list@inet-access.net is the list posting address.
See below URL for subscribe/unsubscribe and list options:
http://inet-access.net/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic