Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message

from [Nick FitzGerald] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken.
Date: Fri, 30 Dec 2005 13:57:01 +1300 
Valdis.Kletnieks@vt.edu to Michael Holstein:


ignoring the magic bits in the header. The next round of "social 
engineering" emails that say :

"rename the attached .fix file to .exe so you can run it correctly"

are just around the corner.


I believe this has already been spotted in the wild...


Huh???

Someone has not been keeping up with their reading...

It has been known for quite some time now that, depending on the 
flavour of Windows you run, simply renaming various kinds of files 
(including MZ/PE .EXEs and OLE2s) to unregistered extensions leaves 
them totally "executable" or "openable" _as usual with the normal 
extension_.

And yes, I believe that this has been exploited in mass-mailing and 
spam-seeded malware instances.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] complaints about the governemnt spying!, Román Ramírez
Next by Date:  Re: [Full-disclosure][WAY OFF TOPIC] complaints about the governemnt spying!, zap zoid
Previous by Thread:  Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken., Valdis . Kletnieks
Next by Thread:  Re: [Full-disclosure] Re: [MailServer Notification]To recipient: Message matched eManager setting and action was taken., Leif Ericksen
Indexes:  [Date] [Thread] [Top] [All Lists]