GoFuckYourself.com - Adult Webmaster Forum - View Single Post

brazz · 11-26-2001, 06:06 AM

Timinator,
My machine is running W2K Server; I never used Outlook Express, but it was self installed, and I got infected with Nimda and CodeRed.
I am completely ignorant about security issues; I spoke to some friends of mine (not specialists either, but a bit more well informed than me), they said that OutlookExpress (and only it) has some vulnerabilities which are easily exploited by hidding some malicious VB code in other Microsoft programs macros (Microsoft´s intention would be to make easier for Excel, Word, Access, *OutlookExpress* to exchange files among them). So, as I understood, just having OutlooExpress installed in your machine was a security hole, and I was advised to uninstall it.
The Iloveyou, as an example, was sent as Iloveyou.jpg.vbs. This extension means it is a disguised VBasic coded macro; thanks to Microsoft's good intentions, this code is capable of activating Outlook Express, query the addresses list, maybe pick some other files in the user´s machine (like CodeRed did), send the mails to the the addresses, etc. That´s why Outlook Express is THE MOST vulnerable mail tool.

But, again, this is what I was told, I have no background whatsoever to argue with anyone about this matter (this is not sarcasm).
If possible, could anybody please clarify how far out I am?
Thanks,

[This message has been edited by brazz (edited 11-26-2001).]

[This message has been edited by brazz (edited 11-26-2001).]

11-26-2001, 06:06 AM
brazz Confirmed User Join Date: May 2001 Posts: 135	Timinator, My machine is running W2K Server; I never used Outlook Express, but it was self installed, and I got infected with Nimda and CodeRed. I am completely ignorant about security issues; I spoke to some friends of mine (not specialists either, but a bit more well informed than me), they said that OutlookExpress (and only it) has some vulnerabilities which are easily exploited by hidding some malicious VB code in other Microsoft programs macros (Microsoft´s intention would be to make easier for Excel, Word, Access, OutlookExpress to exchange files among them). So, as I understood, just having OutlooExpress installed in your machine was a security hole, and I was advised to uninstall it. The Iloveyou, as an example, was sent as Iloveyou.jpg.vbs. This extension means it is a disguised VBasic coded macro; thanks to Microsoft's good intentions, this code is capable of activating Outlook Express, query the addresses list, maybe pick some other files in the user´s machine (like CodeRed did), send the mails to the the addresses, etc. That´s why Outlook Express is THE MOST vulnerable mail tool. But, again, this is what I was told, I have no background whatsoever to argue with anyone about this matter (this is not sarcasm). If possible, could anybody please clarify how far out I am? Thanks, [This message has been edited by brazz (edited 11-26-2001).] [This message has been edited by brazz (edited 11-26-2001).]