Information on Computer Viruses & Worms in HTML Email

Welcome!

This is a simple text page describing why HTML email posts are not allowed. Note that more of these type viruses & worms are being created almost daily!! (All links were still active as of 5-08-01). See the bottom of this page for how to change your respective email programs to send in plain text to your email lists.

http://www.wired.com/news/technology/0,1282,16206,00.html

http://wuecon.wustl.edu/~ec110ev/fa99/resources.html

http://www.msexchange.org/misc/News/htmlmail.html
"HTML MAIL CAN TRIGGER ATTACHMENTS AUTOMATICALLY HTML mail adds dangerous exposure - Mail essentials protects against this new breed of virus at server level"

http://www.vnunet.com/News/69030

http://www.aas.duke.edu/comp/security/virus/kak.html

http://ffni.com/support/kak-worm-info.htm

http://dgl.com/pdf/ft961012.pdf (article in the center)

http://dgl.com/dglinfo/1996/dg961005.html

http://dgl.com/dglinfo/1998/dg981222.html
Note where it states; "The virus is memory resident, encrypts EXE, TXT, and HTML files." "The most outstanding characteristics is that it can move/transport itself without typical user intervention...."
and...
"It uses an encryption algorithm on data files including TXT and HTML formats...."

http://www.msexchange.org/software/exchsecurity.htm
Note: ".....Viruses, spam, dangerous or offensive attachments & content such as Word macros, HTML SCRIPTS....."

http://www.vnunet.com/News/1120450
Note: ".....HTML mails, which are effectively websites, could potentially run an embedded file attachment containing malicious code if a user previews the code using Outlook. The user would not even have to open the message to activate the code, according to security firm GFI....."
and
"....."HTML mail viruses are becoming more sophisticated and more difficult to detect and stop," said Galea. "The recently discovered vulnerability is a clear example of how dangerous HTML mail scripting can be. Exploits like this indicate that other such HTML viruses lie close ahead."

http://www.sans.org/newlook/alerts/virus.htm
Note: "....When malicious code comes in email, the receiver does not have to open any attachment to "catch the virus." It is transmitted as soon as the html-enabled email reader displays the message..."
and
"....Email viruses are now spreading WITHOUT THE USER OPENING ANY ATTACHMENT. Personal computers running Internet Explorer (IE) version 5.0 and/or Microsoft Office 2000 are vulnerable to virus attacks using most HTML-enabled email systems, even if the email recipient opens no attachments."

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_17TH.FLY

http://www.antivirus.com/vinfo/virusencyclo/glossary.asp#Script_Viruses
Note: "HTML viruses use the scripts embedded in HTML files to do their damage. These embedded scripts automatically execute the moment the HTML page is viewed from a script-enabled browser." (which applies to HTML email as well)

Here are several more HTML viruses.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_Activex.1

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_Activex.2

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_ANTIMP3

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_Belalang

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_BULBASAUR

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_CHANGO

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_CHARLENE

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_CRASHIE

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=HTML_DAJJAL.A

and there are EIGHTY MORE SO FAR I have found JUST at this one website, among them:

HTML_DAVINIA.A
Aliases: DAVINIA.A
This is an HTML virus.

HTML_DAVINIA.B
Aliases: DAVINIA.B
This is an HTML virus.

HTML_DAYDREAM
Aliases: DAYDREAM
This is an HTML virus.

HTML_DEDICATED
Aliases: DEDICATED
This is an HTML virus.

HTML_DEVOLVE-O
Aliases: DEVOLVE
This is an HTML virus.

HTML_E.GEN
Aliases: E.GEN
This is an HTML virus.

HTML_ELVA
Aliases: ELVA
This is an HTML virus.

HTML_FORGOTTEN.A
Aliases: FORGOTTEN.A
This is an HTML virus.

HTML_FUNKYDEAMON
Aliases: FUNKYDEAMON
This is an HTML virus.

HTML_GENERATOR
Aliases: GENERATOR
This is an HTML virus.

So, PLEASE, DO NOT POST YOUR EMAIL IN HTML FORMAT! :)

Remember that just because you have your AV software programs updated and have all the patches from the windows update site, DOES NOT make you immune! Your AV programs can only protect you about what they CURRENTLY are aware of!

Your fellow list members thank you, as well as your list administrators/moderators/owners.
Thanks!!

(This page is provided as a courtesy from OrpheusComputing.com. If you have any thing to add to this page, please contact us here.)