smileycentral spyware via 'good luck' email?

TheMSsForum.com: The Microsoft Software Forum

I recently forwarded a 'funny' email from a relative. When I opened it, I
was hit with the MSIE notification I was about to visit a secure website.
Since there is no way to say "NO!" to this notification, I forced Outlook to
close via Task Manager.

I later saved the message as a msg file and inspected the HTML part. It was
a 'pass it on and have good luck' message filled with references to
smileycentral.com, both to web pages and .gif files. But none of these
addresses were HTTPS. The only thing I can figure is that one of the image
files was being redirected to a secure site.

What would be the purpose of this? Is there a vulnerability in Outlook
2000/MSIE that would allow smileycentral to install spyware via such an
email?

thanks,
nf
Top

Re: smileycentral spyware via 'good luck' email? by Tom

Tom
Sun Mar 20 12:48:25 CST 2005

Yes there are always vulnerabilities that would allow this. If you're
unpatched.

Visiting smileycentral.com should be ok. However remember if you
download their smilies, it will install an extra button and toolbar to
your browser.


--
http://www.tditcorp.com <-- keep your computer safe and secure the easy
way!

nutso fasst wrote:
> I recently forwarded a 'funny' email from a relative. When I opened it, I
> was hit with the MSIE notification I was about to visit a secure website.
> Since there is no way to say "NO!" to this notification, I forced Outlook to
> close via Task Manager.
>
> I later saved the message as a msg file and inspected the HTML part. It was
> a 'pass it on and have good luck' message filled with references to
> smileycentral.com, both to web pages and .gif files. But none of these
> addresses were HTTPS. The only thing I can figure is that one of the image
> files was being redirected to a secure site.
>
> What would be the purpose of this? Is there a vulnerability in Outlook
> 2000/MSIE that would allow smileycentral to install spyware via such an
> email?
>
> thanks,
> nf
>
>
>
>
Top

Re: smileycentral spyware via 'good luck' email? by nutso

nutso
Wed Mar 23 03:08:02 CST 2005


"Tom - www.tditcorp.com" <tom999@ica.net> wrote in message
news:IfudnZJ7ye_kWKDfRVn-1w@rogers.com...
> Yes there are always vulnerabilities that would allow this. If you're
> unpatched.

I do not think there must always be vulnerabilities. In this case my system
is fully patched. Looking again at the HTML content, I see that most images
are embedded. Only one is referenced on a remote location:
<IMG id=MA9.1099783006 title=http://www.smileycentral.com/?partner=ZSzeb001
height=37 alt=http://www.smileycentral.com/?partner=ZSzeb001
src="http://mailcenter2.comcast.net/wmc/v/wm/423837ED000B2E7400005E3C2205884
4840A9D0E9C020A04040E0A089B?cmd=GetImg&amp;no=3&amp;uid=8409&amp;sid=c0&amp;
name=269628-22005361212115 387554@13071999" width=53 border=0>

Does the source address look like an image file to you? If Outlook is
accepting redirection of this supposed image resource to a secure web page
then it is not yet patched enough.

Hmm, what is smileycentral's relationship with Comcast?

> Visiting smileycentral.com should be ok. However remember if you
> download their smilies, it will install an extra button and toolbar to
> your browser.

I know enough about smileycentral to believe that if they put a toolbar on
IE, they are also adding spyware.

Thanks for taking the time to reply.

nf


Top