DGLInfo: Have You Received An HTML Or Email Bomb?

Have You Received An HTML Or Email Bomb?
Virus affects HTML in Web browswers and email clients

Last year the good times virus, which announced that a virus could be sent via email, was correctly dismissed as a hoax; but not before raising quite a ruckus across the Internet.

But, now there is a true HTML virus that can affect users of not only web browsers but also email clients.

We learned of a recent posting on Compuserve Information Service that teaches how to create a virus that forces web browsers to retrieve data from internal hardware devices such as communication and printer ports. This code can cause the browsing workstation to hang or lockup, thus requiring a reboot of the computer system .

Restarting the computer is a minor annoyance; however, if there were any unsaved work in another open application, that work may be lost during the reboot.

Since Netscape Navigator's email client now allows the viewing of HTML commands within an email message, the offending commands can now affect the system via email. And, Navigator does not allow an email message to be deleted unless it is first viewed--thus allowing the virus to act upon the system.

We are continuing to evaluate the risk of the virus, and are reviewing how other email clients, such as Qualcomm's Eudora Pro 3.0 which allows HTML codes to be displayed within an email message, may be affected by this virus.

As we uncover more information about this virus and learn of a prevention tool, we'll post it to ITINFO.

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at dgl.com/dglinfo.

updated October 5, 1996
http://dgl.com/dglinfo/1996/dg961005.html