sgfx
asked on
highjacked e-mail attachment
I not sure that "Security" is the correct topic... but it seamed the best choice... so ...
Quick History:
we working with MS Word 2003 we have created a large document (20 pages or so ) that include photos/graphics. Some of the images will allow me to edit them... other however say that they are linked and cannot be edited.
What we did:
We sent the document using the : file, Send to, mail recipient: in word to an e-mail address...
What the problem was:
when the receiver of the e-mail opened the e-mail all of the "linked" images were replaced by a porn video! ... Ahhhhhg
the file names (as should be from word) are in a numbered sequence i.e. file001.jpg, file002.jpg... but the Jpg extension now reads mvz
We repeated this error when we sent the same file to a computer inside our office.
after a lot of digging around we discovered that the video files were being linked to a porn website http://www.####.########.com /filename.wmz
we have done a in-depth search on both the computer that sent the e-mail and the server that the file was stored and can not find any references to the video file or the website on or in any of the files on theses computers.
We sent the document using the : file, Send to, mail recipient(as Attachment) : in word to an e-mail address, with no problem.
this is the only file so far that has had this problem ...
the question is .....
has anybody herd of email attachments being hijacked.
do i have an issue that is going to sneak up again when we least expect it?
Quick History:
we working with MS Word 2003 we have created a large document (20 pages or so ) that include photos/graphics. Some of the images will allow me to edit them... other however say that they are linked and cannot be edited.
What we did:
We sent the document using the : file, Send to, mail recipient: in word to an e-mail address...
What the problem was:
when the receiver of the e-mail opened the e-mail all of the "linked" images were replaced by a porn video! ... Ahhhhhg
the file names (as should be from word) are in a numbered sequence i.e. file001.jpg, file002.jpg... but the Jpg extension now reads mvz
We repeated this error when we sent the same file to a computer inside our office.
after a lot of digging around we discovered that the video files were being linked to a porn website http://www.####.########.com /filename.wmz
we have done a in-depth search on both the computer that sent the e-mail and the server that the file was stored and can not find any references to the video file or the website on or in any of the files on theses computers.
We sent the document using the : file, Send to, mail recipient(as Attachment) : in word to an e-mail address, with no problem.
this is the only file so far that has had this problem ...
the question is .....
has anybody herd of email attachments being hijacked.
do i have an issue that is going to sneak up again when we least expect it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Bad news; this is a very serious issue, thanks for posting the link here, Zee.
I guess, due to all these new vulnerabilities, I'd go with using PDF formats instead for future reference; since you can imbed photos, text, hyperlinks and so on and add security as well, something about those options here:
http://www.adobe.com/products/acrobat/adobepdf.html
I guess, due to all these new vulnerabilities, I'd go with using PDF formats instead for future reference; since you can imbed photos, text, hyperlinks and so on and add security as well, something about those options here:
http://www.adobe.com/products/acrobat/adobepdf.html
sgfx,
Being a recently discovered exploit, please do keep us updated on your troubleshooting.
This will also be a learning experience for us!
Thank you!
Zee
ASKER
Thanks ZEE ..
i am checking all my computers now... afterwards i will try to recreate the problem buy sending the same e-mail the same way [to myself this time :) ] and see if this fixes the issue.
i am checking all my computers now... afterwards i will try to recreate the problem buy sending the same e-mail the same way [to myself this time :) ] and see if this fixes the issue.
I agree. ":0) Asta
Have you ran a spyware program against the machine that sent the email?