outlook express

This forum is for the discussion of technology, computers, & problems relating to the web and your computer

Moderator: Scott Danziger

Van Canna
Posts: 57244
Joined: Thu Mar 11, 1999 6:01 am

outlook express

Post by Van Canna »

Lately when viewing email messages I get this window constantly:

"Internet explorer: An active x control on this page might be unsafe to interact with other parts of the page. Do you want to allow this interaction?"

Anyone know what gives?

------------------
Van Canna
Scott Danziger
Posts: 929
Joined: Thu Sep 17, 1998 6:01 am
Location: Long Island

outlook express

Post by Scott Danziger »

The only thing I could find relating to the message you got was found at the end of the first paragraph at the following link: http://ciac.llnl.gov/ciac/bulletins/j-018.shtml

Tony or Allan would probably be able to help you better.

Scott
Van Canna
Posts: 57244
Joined: Thu Mar 11, 1999 6:01 am

outlook express

Post by Van Canna »

So what's the best way to get rid of it?

I only get this warning when reading my mail.

------------------
Van Canna
Allen M.

outlook express

Post by Allen M. »

I have my security turned up pretty tight in Internet Explorer, so I get the same message when going to a page that has an Active-X control on it. If you don't want the message anymore, Van, loosen the screws on the security in I.E. Otherwise, bypass the message box that pops up and you will most likely read the URL ok.

I absolutely hate it when another website deposits cookies and active-X controls on my PC, so I am always doing housekeeping. Cookies will track you, and an Active-X control is, for all practical intents and purposes, an application that is run by an exterior source. An executable deposited on your machine by a rogue source can make the Active-X do things to your computer. Watch out for them. Right now, they are mostly benign, but that will not always be the case. Active-X is kind of a sophisticated DLL, was once called OLE, and now it is being called COM and DCOM. All four mean almost the same, but are not quite.

Outlook Express is known to/has been known to have big security holes in it, large enough to drive a semi through. You really should investigate another emailer, Van.

On Internet Explorer, go to the Tools menu, and select Internet Options. Click on the Security tab of the tabbed dialog box. This will expose your security settings. Crank them up or down to your heart’s content. But remember, the internet is becoming more vicious by the day so it is preferable to have more security than less security. I believe Norton’s firewall also gives some coarse granular selection over Active-X controls.

Here is a printout of the security tab, and it may also control O.E.

I don't know the hard answer to your specific problem, Van, because I don't and WON'T use Outlook Express. However, if you only get the message when you read email, the email message most likely is encoded in HTML with some sort of Active-X control embedded in it. Most emails do not do this. If you know who you are receiving the email from, Van, and you trust the content of the email, it may be nothing to worry about. However, on the other hand, if it is some strange email address, or is identified as some sort of advertisement, you may not only want to trash it from inside I.E., but go right inside the directory where it resides, delete it, then empty the trash.

Also, Van, you might want to apply virus protection directly to your system BIOS. Once a virus gets in there, it's all over.

Hope this helps a little.


------------------
Allen Moulton from http://www.ury2k.com/

[This message has been edited by Allen M. (edited December 23, 2000).]
gmattson
Site Admin
Posts: 6073
Joined: Wed Sep 16, 1998 6:01 am
Location: Lake Mary, Florida

outlook express

Post by gmattson »

After being stung once by an email virus, I deleted an email today from a student of mine who sent an attachment without a message.

The attachment was called happy99.exe

Anything with "happy" in it bothers me. The fact that someone would send it to me without a message also bothers me. Anyone know if it is a virus or a harmless web card?
Van Canna
Posts: 57244
Joined: Thu Mar 11, 1999 6:01 am

outlook express

Post by Van Canna »

Thanks, Allen.

I have set security to medium. But I do like outlook express!

------------------
Van Canna
Scott Danziger
Posts: 929
Joined: Thu Sep 17, 1998 6:01 am
Location: Long Island

outlook express

Post by Scott Danziger »

NAME: Ska
ALIAS: Happy99, WSOCK32.SKA, SKA.EXE, I-Worm.Happy, PE_SKA, Happy
SIZE: 10000


Win32/Ska.A is a Win32-based e-mail and newsgroup worm. It displays fireworks when executed first time as Happy99.exe. (Normally this file arrives as an e-mail attachment to a particular PC, or it is downloaded from a newsgroup.)



When the Happy99.exe file has been executed, every e-mail and newsgroup posting sent from the machine will cause a second message to be sent. This will contain the same sender and recipient information but contains no text, just the Happy99.exe file itself as an attachment.

Since people will usually receive Happy99.exe from someone they know (as you normally get e-mail from someone you know), people tend to trust this attachment, and run it.

When executed first time, it creates SKA.EXE and SKA.DLL in the system directory. SKA.EXE is a copy of HAPPY99.EXE. SKA.DLL is packed inside SKA.EXE. After this Ska creates a copy of WSOCK32.DLL as WSOCK32.SKA in the system directory. Then it tries to patch WSOCK32.DLL so that its export entries for two functions will point to new routines (to the worm's own functions) inside the patched WSOCK32.DLL. If WSOCK32.DLL is in use, Ska.A modifies the registry's RunOnce entry to execute SKA.EXE during next boot-up. (When executed as SKA.EXE it does not display the firework, just tries to patch WSOCK32.DLL until it is not used.)

"Connect" and "Send" exports are patched in WSOCK32.DLL. Thus the worm is able to see if the local user has any activity on network. When "Connect" or "Send" APIs are called, Ska loads its SKA.DLL containing two exports: "news" and "mail".

Then it spams itself to the same newsgroups or same e-mail addresses where the user was posting or mailing to. It maps SKA.EXE to memory and converts it to uuencoded format and mails an additional e-mail or newsgroup post with the same header information as the original message but containing no text but just an attachment called Happy99.exe.

Therefore Happy99 is not limited like the Win32/Parvo virus which is unable to use a particular news server when the user does not have access to it. The worm also maintains a list of addresses it has posted a copy of itself to. This is stored in a file called LISTE.SKA. (The number of entries is limited in this file.)

The worm contains the following encrypted text which is not displayed:


Is it a virus, a worm, a trojan?
MOUT-MOUT Hybrid (c) Spanska 1999.

The mail header of the manipulated mails will contain a new field called "X-Spanska: YES". Normally this header field is not visible to receivers of the message.

Since the worm does not check WSOCK32.DLL's attribute, it can not patch it if it is set to read only.

Please note that after disinfection of this worm you will have to rename WSOCK32.SKA back to WSOCK32.DLL in \WINDOWS\SYSTEM folder to restore all original Winsock internet capabilities.

Happy99 does not replicate under Windows NT.

[Analysis: Peter Szor, F-Secure, 1999]
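
The indicators named in the analysis above (the "X-Spanska: YES" header, a text-free message carrying a uuencoded Happy99.exe, and the SKA.EXE, SKA.DLL, WSOCK32.SKA and LISTE.SKA files in the system directory) can be checked mechanically. The following is an added example, not part of the original post or of F-Secure's analysis; the function names and sample messages are constructed for illustration.

```python
import email
import re
from email import policy

# Indicators named in the quoted analysis; nothing here comes from another source.
SYSTEM_DIR_ARTIFACTS = {"ska.exe", "ska.dll", "wsock32.ska", "liste.ska"}
UU_BLOCK = re.compile(r"^begin [0-7]{3,4} (\S+)\r?\n.*?^end[ \t]*\r?$", re.M | re.S)

def message_indicators(raw):
    """Return the Happy99 indicators present in one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    if str(msg.get("X-Spanska", "")).strip().upper() == "YES":
        hits.append("header:X-Spanska")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    # Attachment names: MIME parts plus uuencoded blocks inside the text body.
    names = [p.get_filename() or "" for p in msg.walk()] + UU_BLOCK.findall(text)
    if any(n.lower() == "happy99.exe" for n in names):
        hits.append("attachment:Happy99.exe")
        # The worm's extra message carries the attachment and no text at all.
        if not UU_BLOCK.sub("", text).strip():
            hits.append("empty-body")
    return hits

def host_artifacts(system_dir_listing):
    """Return worm-related file names found in a system directory listing."""
    return sorted(n for n in system_dir_listing if n.lower() in SYSTEM_DIR_ARTIFACTS)

# Constructed sample messages (the uuencoded line is a placeholder, not real data).
SUSPECT = (
    "From: student@example.org\nTo: teacher@example.org\n"
    "Subject: class schedule\nX-Spanska: YES\n\n"
    "begin 644 Happy99.exe\nM(placeholder)\n`\nend\n"
)
CLEAN = (
    "From: student@example.org\nTo: teacher@example.org\n"
    "Subject: class schedule\n\nSee you Thursday at 7.\n"
)

if __name__ == "__main__":
    print(message_indicators(SUSPECT))
    print(message_indicators(CLEAN))
    print(host_artifacts(["WSOCK32.DLL", "WSOCK32.SKA", "Ska.exe", "USER32.DLL"]))
```

A WSOCK32.SKA hit matters beyond detection: per the analysis it is the copy of the original WSOCK32.DLL that has to be renamed back after disinfection.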