Prevent Malicious Embedded IFRAMES?? 
Author Message
 Prevent Malicious Embedded IFRAMES??

Outlook version: Outlook 2000
Operating System: Win98SE
IE version: 6 with latest SP
 {Security - Launching programs and files in an IFRAME is set to
  PROMPT}
Antivirus: Norton AV 2002 with latest definitions

Having upgraded IE6 to the latest SP, I thought it was supposed to
prevent any embedded IFRAME code execution.

I have been getting HTML Mail from various senders that have the
content shown below. I can not find any attachments, nor any malicious
code in the HTML saved when saving the message.

Here is the source of the HTML in the message, I saved it to my local
drive:
/*
 replaced the < and > with [ and ] and

*/

[!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"]
[HTML][HEAD]
[META http-equiv=Content-Type content="text/html; charset=iso-8859-1"]
[META content="MSHTML 6.00.2800.1106" name=GENERATOR][/HEAD]

[/B]
Thursday, November 21, 2002 5:22 PM[BR][B]To:[/B]

src="cid:V34j80Mb14" width=0 height=0]
[/IFRAME][FONT
size=+0][/FONT][/BODY][/HTML]

However, upon viewing the msg, an email is placed in the Outbox and
sent with NO HEADERS and only the minimum forwarding headers for a
forwarded message and sent to only ONE of person in my address book, It
is always the same person, too. When I check Options on the message,
the
Internet headers are completely empty!

Here is the message that was sent out, I saved it to my local drive:
/*
 replaced the < and > with [ and ] and
 my address and recipient's address with

*/

[!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"]
[HTML][HEAD]
[META http-equiv=Content-Type content="text/html; charset=iso-8859-1"]
[META content="MSHTML 6.00.2800.1106" name=GENERATOR][/HEAD]

Thursday, November 21, 2002 8:48 PM[BR][B]To:[/B]

[DIV]&nbsp;[/DIV]
[BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px
solid"]
  [DIV class=OutlookMessageHeader dir=ltr align=left][FONT face=Tahoma

Quote:
  size=2]-----Original Message-----[BR][B]From:[/B] 22factoring

21, 2002

  FrameSpacing[BR][BR][/FONT][/DIV][IFRAME src="cid:V34j80Mb14" width=0
  height=0]
[/IFRAME][/BLOCKQUOTE][FONT size=+0][/FONT][/BODY][/HTML]

Usually when you have a cid:xxxxxx you have an attachment or in-line
FILE. In this case, I see neither: cid:V34j80Mb14 (these numbers are
random in each msg)

Please tell me how to avoid this happening, it is driving me, and
my friend nuts. I'm pretty sure that many folks out there are seeing
the same thing happen on their system, they just don't know what is
causing it...

Folks in the Outlook groups ignored this message...



Sat, 14 May 2005 05:44:33 GMT  
 
 [ 1 post ] 

 Relevant Pages 

1. protect embedded interpreter from malicious clients

2. Embedding menus in frames prevents alt+key defaults?

3. Embedding menus in frames prevents alt+key defaults?

4. Mainframe Malicious Code

5. Malicious email with W32.Klez.H@.mm attachment

6. Antigen found VIRUS= Exploit.IFrame.FileDownload (Kaspersky) viru s

7. Antigen found VIRUS= Exploit.IFrame.FileDownload (Kaspersky) viru s

8. Antigen found VIRUS= Exploit.IFrame.FileDownload (Kaspersky) viru s

9. iframes in forms

10. Sessions and iframes (or frames)?

11. Antigen found HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) virus

12. Antigen found HTML/MimeExploit.IFRAME (CA(InoculateIT),CA(Vet)) v irus

 

 
Powered by phpBB® Forum Software