Thanks for the advisory regarding the most recent virus. You might want to mention also that infected web servers will attempt to attach a "README.EML" file to every page delivered. As pointed out by George Guninski's advisory last year, .eml files WILL EXECUTE if viewed in IE 5.0 or higher (unless the browser has been patched by a microsoft update since December 2000, I believe) To see if YOUR browser has been patched vs. eml embedded files, you could check guninski's demo page at: http://www.guninski.com/eml-desc.html The news about the attachment was received from http://www.dshield.org/ Symantec has a page about the virus at: http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.aat_private McAfee's page about the virus is at: http://vil.mcafee.com/dispVirus.asp?virus_k=99209 Oh, according to the McAfee advisory, this one is marked internally: Concept Virus (CV) V.5, Copyright (C) 2001 R.P.China ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 12:20:24 PDT