Thunderbird client 91.13.0 allows virus Script/Wacatac.H!ml to infect computer
Categories
(Thunderbird :: Security, enhancement)
Tracking
(Not tracked)
People
(Reporter: gschultz, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Steps to reproduce:
While deleting e-mails from spam folder, Windows Defender notified me that a virus, Trojan:Script/Wacatac.h!ml had infected my computer. Defender gives the location as file: C:\Users\gschultz\AppData\Roaming\Thunderbird\Profiles\6pdyxn5d.default\ImapMail\imap.googlemail-1.com[Gmail].sbd\Spam. I did not click any links in any of the spam e-mails, so it was able to install itself just by previewing it somehow.
Actual results:
Infection by trojan was successful.
Expected results:
Would have preferred that it be blocked before finding a way to install itself. Thanks.
Comment 1•3 years ago
Maybe your antivirus just found the signature of the virus in an attachment of the spam message. If it succeeded to "install itself", that would typically require browser vulnerabilities [1], and your antivirus should probably show other affected spots.
So I doubt there's something wrong on the Thunderbird side.
Magnus may know more.
[1] https://security.stackexchange.com/questions/32288/can-javascript-be-used-to-install-malware
Comment 2•3 years ago
It sounds like all that happened is you received a virus attached to a spam, and defender now found that virus? That doesn't mean the virus would be able to do anything. I don't know what Thunderbird could have done differently.
That makes sense. I was hasty in reporting as a T-bird problem. You may close it.
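A way to check what the comments above describe, that the flagged Spam file merely stores a spam message's attachment at rest. This is an added example, not part of the original bug thread and not Thunderbird code. It assumes the profile uses Thunderbird's default mbox folder storage; the function names, the sample messages and the placeholder attachment bytes are all constructed for illustration.

```python
import hashlib
import mailbox
from email.message import EmailMessage

# Constructed, inert stand-in for a flagged attachment (not real malware).
SAMPLE_ATTACHMENT = b"// constructed placeholder attachment\n"


def list_attachments(mbox_path):
    """Return one dict per attachment stored in the mbox file."""
    found = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for index, msg in enumerate(box):
            for part in msg.walk():
                if part.is_multipart():
                    continue
                name = part.get_filename()
                if name is None and part.get_content_disposition() != "attachment":
                    continue  # ordinary body part, not an attachment
                data = part.get_payload(decode=True) or b""
                found.append({
                    "message": index,
                    "subject": msg.get("Subject", ""),
                    "filename": name or "(unnamed)",
                    "type": part.get_content_type(),
                    "size": len(data),
                    "sha256": hashlib.sha256(data).hexdigest(),
                })
    finally:
        box.close()
    return found


def build_sample_mbox(path):
    """Write a constructed two-message mbox: one plain mail, one with an attachment."""
    box = mailbox.mbox(path)
    plain = EmailMessage()
    plain["From"], plain["Subject"] = "a@example.com", "plain note"
    plain.set_content("no attachment here")
    spam = EmailMessage()
    spam["From"], spam["Subject"] = "b@example.com", "Your invoice"
    spam.set_content("see attached")
    spam.add_attachment(SAMPLE_ATTACHMENT, maintype="application",
                        subtype="octet-stream", filename="invoice.js")
    box.add(plain)
    box.add(spam)
    box.flush()
    box.close()
```

Run `list_attachments` against a copy of the folder file rather than the live profile; the listing shows which stored message carries the attachment, which can then be deleted and the folder compacted.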