Comment Articles

Why can't we stop the worms?

Robert Vamosi AnchorDesk

Published: 04 Dec 2001 17:09 GMT

Within the last few weeks, several worms have taken advantage of a single vulnerability in Internet Explorer to assault computers worldwide. It's a vulnerability that allows the worm's code to execute automatically on some computers.

Instead of requiring a user to open an infected email in Outlook and then actually click on the attached file to launch the program, these new worms work differently. They take advantage of the so-called "Incorrect MIME Header Can Cause IE to Execute email Attachment" vulnerability in Internet Explorer 5.01 and 5.5, which allows the worms to automatically execute upon arrival -- no clicking necessary.

What is odd is that Microsoft patched this vulnerability earlier this year.

Nevertheless, the Incorrect MIME vulnerability is hot, hot, hot within virus-writing circles. The vulnerability affects certain Multipurpose Internet Mail Extensions (MIME) types. For example, if someone sends a video email, a viewer will open to display the video. In this case, if someone sends certain types of executable files, these also open automatically, even if they contain malicious code.

As I write this, Badtrans.B has replaced Sircam as the #1 virus on Messagelabs' Top Ten daily graph. Badtrans.B achieved this distinction because it recycles existing email, sending copies to people as though you were replying.

However, if you already loaded the Service Pack 2 for 5.01, then you don't need to run the MS01-020 patch. If you're running Internet Explorer 5.5, then download the MS01-020 patch.