> Actually, html enabled mail clients are absolutely the virus writer's best
> friend. Outlook, GW, Eudora, et cetera that are able to display inline
> (online) html web content can contain all sorts of nifty things.
> If you have an email client that is able to display a page sent via email,
> either as a link, or as content, then the code (java, perl, cgi links etc)
> can be embedded.
> Having a "preview" mode only makes it worse. Suppose you have preview,
and
> a linked page with some nasty back-end java or ActiveX is in there? As
the
> client OPENS the message to allow a preview, the damage is already done
(if
> damage is there to do). The origins of this are found in ANSI bombs that
> stuffed the keyboard buffer, re-wrote code (via debug), and various other
> nefarious schemes.
John and Spitters,
I've got Outlook Express and when ever someone sends me something, like a
picture, it sometimes shows up in the body of the email. Is this what you're
talking about? If so, how can I configure my PC so that I have to click on
the attachment in order to see it, thereby making unwanted stuff from
unknown sources easy to delete? John, anyone?
Tom Shirley - Chattanooga, TN
http://www.geocities.com/baddogracing/
|