Here is the fatal combination:
You don't have to open any attachments. You don't even have to fully open the e-mail. Just the message appearing in the preview window is sufficent. If your in-box is empty, it will run immediately. You can just be viewing a Web site - even e-mail isn't required.
If you have Access on your computer, even if (especially if) you never use it, you must execute the following procedure to secure your system. This attack is so simple lots of kiddies will be trying it now that it is known.
For more information, and for information on the Office HTML Script Vulnerabilty, visit the SANS Institute.
For information on other Windows / Outlook threats, visit our Viruses, Worms and Other Threats page.
- Automation Access
Velocity Networks: Network Consulting Service - Internet Service Provider - Web Page Design and Hosting
All trademarks and trade names are recognized as property of their owners