OT: watch out for email "PRINT Summary Report"
nasty auto-running email -- look out, those of you who read using
microsoft email readers: i strongly recommend that if you get a
message entitled "PRINT Summary Report" from SOMEONE YOU DO NOT
KNOW, delete it instead of viewing it.
i just received an email, subject line
Subject: FW: PRINT Summary Report.
it's mime-encoded -- my email reader (mutt) shows
[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 0.3K --]
[-- text/html is unsupported (use 'v' to view this part) --]
[-- Attachment #2: readme.exe --]
[-- Type: audio/x-wav, Encoding: base64, Size: 75K --]
[-- audio/x-wav is unsupported (use 'v' to view this part) --]
[-- Attachment #3 --]
[-- Type: text/plain, Encoding: 7bit, Size: 0K --]
so the first part is HTML and the second part looks like an
audio clip.
here's the HTML portion:
<HTML><HEAD></HEAD><BODY bgColor=#ffffff>
<iframe src=cid:EA4DMGBP9p height=0 width=0>
</iframe></BODY></HTML>
the second portion IS AN *.EXE file!
what that HTML does is AUTOMATICALLY 'execute' the other
attachment (if you're on windo~1) which, if it's an audio clip,
is no big deal: but attachment #2 is an EXE file, which might
generate cute noises, or erase your hard drive, or collect your
personal info and send it screaming through the internet...
so if you're feeling lucky, display the message (which
automatically runs the "README.EXE" attachment). if you're
smart, get an email system that doesn't automatically execute
its attachments. :)
--
DEBIAN NEWBIE TIP #39 from Roy Culley <tgdcuro1@gd2.swissptt.ch>
:
Wondering why the pundits say that CSH SCRIPTS ARE CONSIDERED
HARMFUL? Although "tcsh" has improved on "csh" there are still
issues. For the full scoop, read
http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/
Also see http://newbieDoc.sourceForge.net/ ...
Reply to: