I first noticed it when I checked out the defacement at http://www.moi.gov.ir (URL is still infected) the "ISLAMIC REPUBLIC OF IRAN - MINISTRY OF INTERIOR website that was defaced by "The Dispatchers". Not sure if it started there though.. Shawn -----Original Message----- From: Gary Warner [mailto:garat_private] Sent: Tuesday, September 18, 2001 2:37 PM To: INCIDENTSat_private Subject: Concept Virus / Nimda Thanks for the advisory regarding the most recent virus. You might want to mention also that infected web servers will attempt to attach a "README.EML" file to every page delivered. As pointed out by George Guninski's advisory last year, .eml files WILL EXECUTE if viewed in IE 5.0 or higher (unless the browser has been patched by a microsoft update since December 2000, I believe) _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 15:47:50 PDT