This post originated from an RSS feed registered with .NET Buzz
by Doug Thews.
Original Post: More Sobig
Feed Title: IlluminatiLand
Feed URL: http://apps5.oingo.com/apps/domainpark/domainpark.cgi?client=netw8744&s=JETBRAINS.COM
Feed Description: A technology blog for people enlightened enough to think for themselves
I posted earlier about the amount of Sobig-infected mail I am now getting. I received some interesting (and insane) responses. The purpose, however, of the e-mail was to educate people out there that just right-clicking an e-mail can do as much harm as opening it or turning on Preview.
Anyway, I wanted to give some technical information on how newer versions of Outlook block attachments. Outlook has 3 levels of attachments. Level 1 is a default set of file types (which cannot be changed) that are automatically blocked by Outlook. They are called "unsafe" attachments:
.ade Microsoft Access project extension
.adp Microsoft Access project
.asx Windows Media Audio / Video
.bas Microsoft Visual Basic class module
.bat Batch file
.chm Compiled HTML Help file
.cmd Microsoft Windows NT Command script
.com Microsoft MS-DOS program
.cpl Control Panel extension
.crt Security certificate
.exe Program
.hlp Help file
.hta HTML program
.inf Setup Information
.ins Internet Naming Service
.isp Internet Communication settings
.js JScript file
.jse JScript Encoded Script file
.lnk Shortcut
.mda Microsoft Access add-in program
.mdb Microsoft Access program
.mde Microsoft Access MDE database
.mdt Microsoft Access workgroup information
.mdw Microsoft Access workgroup information
.mdz Microsoft Access wizard program
.msc Microsoft Common Console document
.msi Microsoft Windows Installer package
.msp Microsoft Windows Installer patch
.mst Microsoft Windows Installer transform
.ops Office XP settings
.pcd Photo CD image
.pif Shortcut to MS-DOS program
.prf Microsoft Outlook profile settings
.reg Registration entries
.scf Windows Explorer command
.scr Screen saver
.sct Windows Script Component
.shb Shell Scrap object
.shs Shell Scrap object
.url Internet shortcut
.vb VBScript file
.vbe VBScript Encoded script file
.vbs VBScript file
.wsc Windows Script Component
.wsf Windows Script file
.wsh Windows Script Host Settings file
Level 2 attachments are not considered unsafe, but Outlook does prompt you to Save to Disk when they are encountered.
Level 3 attachments are anything not in Level 1 or Level 2. When you try to open a Level 3 attachment you are prompted to either open the file directly or to save it to a disk. You can turn off future prompts for that extension if you clear the "Always ask before opening this type of file" check box in the Save As dialog.
I'll post later about how to add file extension types to the Level 1 and Level 2 group.
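As an added example (not part of the original post and not Outlook's own code), here is how a mail filter could apply the three-level model above to the attachment names in a MIME message. The function names, the `level2` parameter and the sample message are assumptions made for illustration; the Level 1 set is the list from the post.

```python
import email
from email import policy
from email.message import EmailMessage

# Level 1 extensions exactly as listed in the post above (46 entries).
LEVEL1 = frozenset("""
ade adp asx bas bat chm cmd com cpl crt exe hlp hta inf ins isp js jse lnk
mda mdb mde mdt mdw mdz msc msi msp mst ops pcd pif prf reg scf scr sct shb
shs url vb vbe vbs wsc wsf wsh""".split())

def attachment_level(filename, level2=frozenset()):
    """Return 1, 2 or 3 for a filename under the post's three-level model.
    level2 defaults to empty: the post names no Level 2 types (assumption)."""
    # Normalise the way Windows resolves names: case-insensitive, and
    # trailing dots/spaces are dropped, so "Setup.EXE. " is still .exe.
    name = filename.strip().rstrip(". ").lower()
    # Only the final extension decides how the file opens.
    ext = name.rpartition(".")[2] if "." in name else ""
    if ext in LEVEL1:
        return 1
    if ext in level2:
        return 2
    return 3

def classify_message(raw_bytes, level2=frozenset()):
    """Walk every MIME part and return [(filename, level), ...]."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [(part.get_filename(), attachment_level(part.get_filename(), level2))
            for part in msg.walk() if part.get_filename()]

def sample_message():
    """Constructed test message; names and payloads are made up."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for name in ("details.txt.pif", "notes.txt", "UPDATE.SCR"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, level in classify_message(sample_message()):
        print(f"Level {level}: {fname}")
```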