Monday, November 14, 2005


HTML formatting delivers a host of benefits to email users, but it can also introduce threats. One of the most infamous of these threats is BleBla, which has the rather dreadful property that a user need only preview or open an email message to set BleBla's functions in motion.
When BleBla arrives as an email message, it brings along two attachments: MyJuliet.chm and MyRomeo.exe. When a user opens or previews the email message, BleBla’s HTML component saves the attachments in the Windows Temp folder (usually C:\WINDOWS\TEMP) and executes MyJuliet.chm, which then launches the central worm component of BleBla, MyRomeo.exe.
MyRomeo.exe gathers email addresses from the Outlook address book and sends email messages using SMTP (Simple Mail Transfer Protocol) servers located in Poland. BleBla randomly selects a subject heading from a list of 12 choices. Some experts contend that BleBla’s ability to connect to outside servers gives it the power to download upgrades or payloads.
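As an added example (not part of the original post), the delivery pattern described above can be checked for at a mail gateway: an HTML body arriving together with the attachments MyJuliet.chm and MyRomeo.exe. The function name, result keys and sample message are constructed for illustration, and the generic rule (any HTML message carrying both a .chm and an .exe) goes beyond the two file names the post gives.

```python
from email import message_from_string

# Attachment names given in the post, compared in lower case.
BLEBLA_NAMES = {"myjuliet.chm", "myromeo.exe"}

# Constructed sample message; bodies are placeholders, not real file content.
SAMPLE = """\
From: sender@example.test
To: user@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>placeholder</body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="MyJuliet.chm"

placeholder
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="MyRomeo.exe"

placeholder
--b1--
"""

def inspect_message(raw):
    """Parse one RFC 822 message (text) and report the BleBla delivery pattern."""
    msg = message_from_string(raw)
    has_html, names = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        filename = part.get_filename()
        if filename:
            names.append(filename.lower())
        elif part.get_content_type() == "text/html":
            has_html = True
    exact = BLEBLA_NAMES.issubset(names)
    # Generic rule (assumption): HTML body plus both a .chm and an .exe attachment.
    has_chm = any(n.endswith(".chm") for n in names)
    has_exe = any(n.endswith(".exe") for n in names)
    return {"html_body": has_html, "attachments": sorted(names),
            "blebla_names": exact, "quarantine": exact or (has_html and has_chm and has_exe)}
```

Calling `inspect_message(SAMPLE)` flags the constructed message for quarantine; an HTML message with no attachments is not flagged.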

