"Eric A. Hall" wrote:
Is Outlook Express immune to this or does it execute VB script too?
If you have VBS installed (Windows Scripting Host) and you execute the attachment you will be in big trouble. This applies to all Windows mailers, whether it be Eudora or Communicator or whatever. AFAIK, the only mailer that automatically executes VBS is Outlook.
Many mail programs (including Netscape Communicator) have no VBS support in them, so they can not execute virusses like this one. Netscape Communicator has another feature which is especially good for fighting e-mail virusses. It is impossible to execute an executable attachment (VBS, EXE, whatever) directly from a mail message, news message or web page. The user must explicitly save the attachment to disk and execute it by hand. This eliminates all the cases of people accidentally executing attachments, thinking that they are actually document files of some kind. I don't know if Eudora has similar safeguards or not. I have not used it. I know that Microsoft's mail programs (Outlook and Outlook Express) are both lacking in such safeguards. It is possible for these programs to launch executable attachments. They can also auto-launch them when the message is opened. One of them (I think Outlook) can also auto-launch attachments when the message is selected (and displayed in the preview window) and not even opened. This is a _BIG_ security hole that Microsoft has not fixed, despite other virusses (like Melissa) which have already taken advantage of it. -- David