Fun_People Archive
2 Sep
Bulgarian horse - the Melissa virus, but even worse

Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Thu,  2 Sep 99 11:06:15 -0700
To: Fun_People
Precedence: bulk
Subject: Bulgarian horse - the Melissa virus, but even worse

X-Lib-of-Cong-ISSN: 1098-7649
Forwarded-by: david mankins <>

Hotmail grumblings aside (which, after all, is implemented on *UNIX* servers
(FreeBSD or Solaris), not NT), we've been too kind to Microsoft lately.

From: Jamie McCarthy

Greg Roelofs writes:

>  - We already knew IE 5 and ActiveX were a disaster waiting to happen;
>    now it has:

	[Warning, this article sends you off for an explanation on the
	 discoverer's web page; the page not only explains the
	 exploit, it uses it. --- pozzo]

>    Apparently if you visit a properly constructed web page, you've just
>    given away your entire system.  This one's better than Hotmail, in my
>    book.  Hee hee.

This follows on the heels of a major security flaw in Microsoft's
implementation of the Java Virtual Machine.  (Apparently there is no
scripting language that they are unable to introduce gaping security chasms
into.)  This one is just as bad:  gives away your entire system when you
visit the wrong webpage, or even just receive email with the payload:

   The security hole, present in most copies of Windows 95 and all versions
   of Windows 98, would allow a malcontent to conceal malicious computer
   code in an email message or Web page that can surreptitiously modify
   files, reformat a hard drive, or execute any DOS command.

   "It's the Melissa virus, but even worse," says Dan Wallach, an assistant
   professor of computer science at Rice University who is one of the team
   members. "The Melissa virus required someone to click 'OK.' This doesn't."

This has not been a good week for Microsoft's security team.
--
        Jamie McCarthy

© 1999 Peter Langston