[Mimedefang] Internet Virus hits IIS
Kenneth Porter
shiva at sewingwitch.com
Mon Jun 28 20:14:52 EDT 2004

--On Monday, June 28, 2004 10:59 AM -0400 Joseph Brennan
<brennan at columbia.edu> wrote:

> Anyone have a clue what the bad code is, so we could reject mail
> containing it?

I believe the issue is that IE ignores MIME type inconsistently when
deciding what to do with web content. The hostile website hosts a file with
a graphic filename extension (e.g. .jpg or .gif) but the file is actually
HTML with hostile JavaScript capable of downloading and running an
executable. IE interprets the HTML, runs the JS and trojans the machine.

I recall bitching at one webmaster last year because his traceroute script
output HTML but without a text/html MIME type, and Mozilla displayed the
source, not the desired output. The script had obviously been tested only
with IE, which "helpfully" interpreted the HTML because it had HTML tags in
it.

To effectively block, you'd need to block all links with graphic extensions.
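
The mismatch described in the message above (an image extension or image MIME type on a body that is really HTML) can be checked on content that has already been fetched, for example by a proxy or attachment scanner. This is an added example, not part of the original post and not MIMEDefang code; the function names, the HTML hint list and the sample inputs are assumptions constructed for illustration.

```python
import os

# Well-known leading signatures for the image types named by extension.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Heuristic tokens (an assumption) that suggest the body is HTML.
HTML_HINTS = (b"<html", b"<head", b"<body", b"<script", b"<iframe", b"<!doctype html")


def classify(name, declared_type, body, sniff_len=512):
    """Compare what a resource claims to be with what its first bytes are.

    Returns 'ok', 'html-as-image' (claims image, looks like HTML) or
    'mismatch' (claims image, is neither a known image nor HTML).
    Bodies that start with a valid image signature are treated as 'ok';
    image/HTML polyglots are outside this check.
    """
    ext = os.path.splitext(name.lower())[1]
    claims_image = ext in IMAGE_MAGIC or declared_type.lower().startswith("image/")
    if not claims_image:
        return "ok"
    all_magics = [m for sigs in IMAGE_MAGIC.values() for m in sigs]
    # With a known extension require that type's signature, else any image signature.
    magics = IMAGE_MAGIC.get(ext, all_magics)
    if any(body.startswith(m) for m in magics):
        return "ok"
    head = body[:sniff_len].lower()
    if any(hint in head for hint in HTML_HINTS):
        return "html-as-image"
    return "mismatch"


def demo():
    """Run the check over constructed samples (not captured traffic)."""
    samples = [
        ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
        ("banner.gif", "image/gif", b"<html><script>/* placeholder */</script></html>"),
        ("logo.png", "image/png", b"\x00\x01\x02\x03"),
        ("trace.cgi", "image/gif", b"  <HTML><BODY>hops</BODY></HTML>"),
        ("index.html", "text/html", b"<html></html>"),
    ]
    return [(name, classify(name, ctype, body)) for name, ctype, body in samples]


if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{name}: {verdict}")
```
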