You'd like to think that as some of the latest products offer you more control, you don't end up giving control away to someone else. Well, in the case of Microsoft Outlook 98, 2000, or 2002 (the version that ships with Office XP), the latest security threat opens up just that possibility.
The issue involves a new feature called View Control that uses ActiveX. View Control displays information from Outlook in a browser window, and it ships with Outlook 2002 in Office XP. But the feature also works with Outlook 98 and 2000--a fact, it turns out, that a malicious hacker can exploit, whether you have loaded View Control or not.
Bug expert Georgi Guninski discovered that a miscreant can construct a Web page or an HTML e-mail that embeds View Control. If you then click the control, the hacker can take over your system and delete files. Even if your PC does not have the View Control feature, once you click the control on a Web page, the program tries to download itself to your PC. However, you do receive a prompt alerting you to the download first.
Microsoft has acknowledged the flaw and says it is working on a patch to plug the hole. Until the fix appears, you can work around the vulnerability by stopping ActiveX controls from running. Check out the Microsoft posting to learn how to disable the controls.
Sircam Not Over Yet
Do you remember the SirCam worm attack? This nasty piece of code replicated via e-mail. Once activated, SirCam randomly selected a document from a victim's computer, attached the document to an e-mail message, and mass-mailed itself to everyone in the victim's address book.
You may not think that your system was infected at an earlier time because the worm didn't cause immediate damage, but you could be in for a nasty surprise on October 16.
If you've set your system to use the European date format (day/month/year), and your PC gets contaminated, you run a 1-in-20 chance that SirCam will delete all the files on your hard drive on that date.
Here's how to tell whether an e-mail message is infected: The body of the text message begins with the innocuous "Hi! How are you?" or with its Spanish equivalent, "Hola como estas?" But the dead giveaway is the attached file that shows a double extension on the end of its name. As the e-mail is sent off, the worm appends an extra extension (.bat, .com, .lnk, or .pif) to the name of the file it selected. So a tainted file would become named "filename.doc.com," for instance. One way to tell if your computer is already infected: You'll find a file named SCam32.exe in the Windows\System directory.
Protect your PC by getting the latest virus definition file from your antivirus company. McAfee and Symantec say that their programs--armed with any virus definition file dated July 17 or later--will detect the SirCam worm in an incoming e-mail message and alert you. Read McAfee's instructions on how to remove the worm, or read step-by-step advice from Symantec.
Stuart J. Johnston is a contributing editor for PC World.- Page 1 of 2
- Next »
Would you recommend this story? YES NO
-
Speed Up Everything!
PCWorld shows you the secrets to improve performance on all your hardware.
-
Master Windows 7!
Our expert guide will help you get the most out of Windows 7.
-
Make Thunderbird Mark Messages as Read After You Reply
-
How to Convert an Ebook to the Amazon Kindle Format
-
Preview Gmail Messages Before Opening Them
-
Make Outlook Automatically Spell-Check Your E-mail
-
A Potential Fix for the Outlook 'General Failure' Error
-
How to Email Like a Pro
-
How to Use Gmail Filters
-
ThinkPad Edge E420 Lenovo Style in an Affordable Package
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad X120e One of the best netbooks ever, X120e has the best netbook keyboard ever--nothing else comes close
Buy now direct from Lenovo
- Apple: Apps That Take Your Contact Info Are in Violation, Fix Coming Soon Apple says it will fix iOS so that apps will have to request explicit user permission to access Address Book data.
- How to Copy a File Path to the Clipboard And why would you want to do that? Simple: So it's easier to find that file when you want to upload it somewhere.
- New York Cab Traffic Creates a Surprisingly Accurate Map of the City A new video uses location data from 100,000 cab rides to show a day in NYC.
- Six Ways Apple Can Take the iPad 3 to the Next Level What features or capabilities should Apple include in the iPad 3 to set it apart from tablet rivals and make it a worthwhile upgrade for current iPad owners?
- 12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
- Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.
-
Apple: Apps That Take Your Contact Info Are in Violation, Fix Coming Soon
-
FBI Says Social Media Monitoring Won't Infringe Privacy Rights
-
How to Block Websites
-
Is Your Definition of Security Holding You Back?
-
How Do I See Who's Been Using My PC?
-
Piracy Driven by Overseas Film Release Lag Time, Researchers Say
-
Kill Web Trackers Dead
-
Online Dating Sites: Seek Love, Find Privacy Violations
-
Anti-Piracy Concerns Spread to Europe
-
Microsoft Readies Valentine's Day Windows Patches
-
Cybercrooks Sell Stolen Facebook, Twitter Log-ins
-
Hack Attacks Proliferate with CIA, State of Alabama Latest Victims
Ad Choices