Email bug hides viruses from firewalls

NEWS A group of Finnish computer researchers has discovered a bug in some email programmes which US reports are claiming to be one of the most serious ever discovered. But one security consultant has dismissed the reports as "scaremongering". Graham Cluley, senior technology consultant for anti-virus specialist, Dr Solomon's, said: "The point is that no-one has ever exploited these so-called holes and I don't imagine they will." The Secure Computing Group at Finland's Oulu University found the flaw, which allows email messages containing viruses to pass undetected through any firewall or anti-virus protection. Every version of Microsoft's Outlook and Outlook Express software and Netscape's Navigator Web browser has been found to contain the bug, which could let in booby-trapped messages capable of erasing hard drives and stealing data. But Cluely remains unconvinced: "The worst that can happen is a denial of service through system crashes. Besides, it can't be that bad as both companies are already fixing the problem." Microsoft has already posted patches on its Web site, while Netscape is working on a fix. Cluely maintains that Web sites, newsgroups and CD Roms are the real breeding ground for viruses. Hackers can deposit a virus onto a company's Web site or chat forum, from where it is distributed to visitors.