
Mar 22, 2004

New Virus Exploits MHTML Dumbness

We've just encountered a new virus that I can't seem to find anything about. It exploits one of the weaknesses of Mail-HTML, namely using a link to run an executable.

For example, this mail body reads:

Received message is available at:

www.cg.org/inbox/nprotected/read.php?sessionid-3140

But the link goes to:

mhtml:mid://00005642/!cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re

displayed in source as

<A href="cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re"> www.cg.org/inbox/nprotected/read.php?sessionid-3140 </a>

When you click on it, it runs the attachment, even on my fully patched install of Outlook.

Thank god the server doesn't let through executable attachments, but I have a feeling home users are in for a doozy.
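
A mail gateway or triage script can flag the pattern described above: an anchor whose href is a cid: reference while its visible text looks like a web address, or whose referenced MIME part is an executable attachment. This is an added example, not part of the original post; the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import email, re
from email import policy
from html.parser import HTMLParser

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed list, adjust to policy

class CidLinks(HTMLParser):
    """Collect (cid, visible text) for every <a href="cid:...">."""
    def __init__(self):
        super().__init__()
        self.links, self._cid, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith("cid:"):
            self._cid, self._text = href[4:], []
    def handle_data(self, data):
        if self._cid is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._cid is not None:
            self.links.append((self._cid, "".join(self._text).strip()))
            self._cid = None

def suspicious_cid_links(raw):
    """Return cid: anchors that display a URL or point at a risky attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    parts, parser = {}, CidLinks()
    for part in msg.walk():
        cid = str(part.get("Content-ID") or "").strip(" <>")
        if cid:
            parts[cid] = part  # index every MIME part by its Content-ID
        if part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    findings = []
    for cid, text in parser.links:
        name = (parts[cid].get_filename() or "").lower() if cid in parts else ""
        if re.match(r"(https?://|www\.)", text, re.I) or name.endswith(RISKY_EXT):
            findings.append({"cid": cid, "text": text, "filename": name})
    return findings

# Constructed sample message (not the one from the post): one deceptive link, one benign.
SAMPLE = "\n".join([
    'MIME-Version: 1.0', 'Content-Type: multipart/related; boundary="b"', '',
    '--b', 'Content-Type: text/html', '',
    '<a href="cid:part1@example.invalid">www.example.com/read.php?sessionid-3140</a>',
    '<a href="cid:logo@example.invalid">our logo</a>',
    '--b', 'Content-Type: application/octet-stream; name="message.pif"',
    'Content-ID: <part1@example.invalid>', '', 'AAAA',
    '--b', 'Content-Type: image/png; name="logo.png"',
    'Content-ID: <logo@example.invalid>', '', 'AAAA', '--b--', ''])
```

Only the first anchor in the sample is reported, because its text reads as a web address and its cid resolves to a part named message.pif; the logo link is left alone.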

Most techs I know only advise users not to click on attachments; links, until this point, have been fair game. If this virus propagates as quickly as I think it might, we won't have time to warn the users.

After a wonderfully successful install of Mozilla Thunderbird at my parents' house, I don't see any reason to keep home users on Outlook Express while it's being targeted so heavily.