Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

highjacked e-mail attachment

Posted on 2004-10-06
9
Medium Priority
?
263 Views
Last Modified: 2013-12-04
I not sure that "Security" is the correct topic... but it seamed the best choice... so ...

Quick History:
we working with MS Word 2003 we have created a large document (20 pages or so ) that include photos/graphics. Some of the images will allow me to edit them... other however say that they are linked and cannot be edited.

What we did:
We sent the document using the : file, Send to, mail recipient: in word to an e-mail address...

What the problem was:
when the receiver of the e-mail opened the e-mail  all of the "linked" images were replaced by a  porn video! ... Ahhhhhg
the file names (as should be from word) are in a numbered sequence i.e. file001.jpg, file002.jpg...  but the Jpg extension now reads mvz

We repeated this error when we sent the same file to a computer inside our office.

after a lot of digging around we discovered that the video files were being linked to a porn website http://www.####.########.com /filename.wmz

we have done a in-depth search on both the computer that sent the e-mail and the server that the file was stored and can not find any references to the video file or the website on or in any of the files on theses computers.

We sent the document using the : file, Send to, mail recipient(as Attachment) : in word to an e-mail address, with no problem.

this is the only file so far that has had this problem ...

the question is  .....
has anybody herd of email attachments being hijacked.
do i have an issue that is going to sneak up again when we least expect it?
0
Comment
Question by:sgfx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 2

Expert Comment

by:dev8
ID: 12241999
Hello,

Have you ran a spyware program against the machine that sent the email?
0
 
LVL 29

Accepted Solution

by:
blue_zee earned 2000 total points
ID: 12243070

I would suspect the new JPEG processing vulnerability, patches already available from Microsoft:

http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

Quote:
The GDI+ security update for September 2004 addresses newly discovered issues in JPEG processing technology. This issue affects software that supports this image format, including some versions of Microsoft Windows, Microsoft Office, and Microsoft developer tools. If you have any of the listed software installed on your computer, you should install the related update.

Depending on the software you are using, you may need to install multiple updates from multiple locations.
Unquote

Good luck!

Zee
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12243140
Bad news; this is a very serious issue, thanks for posting the link here, Zee.

I guess, due to all these new vulnerabilities, I'd go with using PDF formats instead for future reference; since you can imbed photos, text, hyperlinks and so on and add security as well, something about those options here:
http://www.adobe.com/products/acrobat/adobepdf.html
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 29

Expert Comment

by:blue_zee
ID: 12247147

sgfx,

Being a recently discovered exploit, please do keep us updated on your troubleshooting.

This will also be a learning experience for us!

Thank you!

Zee
0
 

Author Comment

by:sgfx
ID: 12249266
Thanks ZEE ..
i am checking all my computers now... afterwards i will try to recreate the problem buy sending the same e-mail the same way [to myself this time :)  ] and see if this fixes the issue.
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 14136220
I agree.  ":0) Asta
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question