The Bug with a free will!
it does not need you either
Juan Carlos Garcia Cuartango
discovered the "Active setup control security loophole" in Microsoft Outlook and
Outlook Express that can deliver your machine into malicious hands.
It downloads and saves an e-mail borne attachment without user
intervention or knowledge. Once free to roam your hard drive, the attachment can access or
delete files at will! This means it is worse as compared to the Bubbleboy Virus.
As mentioned in the Bubbleboy article
that the general trend is to think that "that unless you open an attachment and save
it to the disk you are safe" will not work anymore!
The hacker could create an HTML message with an unseemly harmless
".cab" file which is a trap. You wont need to save the file to disk but merely
opening it will execute a code embedded in the mail. A ".cab" file is
essentially a Microsoft file format used for transportation and storage of application
code.
While Microsoft has not spotted any exploits yet to this new bug, users
should disable the active scripting in Outlook express as a precautionary measure.
There is a Patch available that you could use if you are using IE 4.01
and above. You could use a patch to protect yourself.
This patch is available at:
http://www.microsoft.com/msdownload/iebuild/ascontrol/en/ascontrol.htm
Run this program from the site and reboot your computer.
|