Superkay.com:888

From: Richard Bradford (rbradfordat_private)
Date: Tue Sep 18 2001 - 16:44:07 PDT


    Anyone see this come up just a while ago on the Oracle home page?
    (www.oracle.com) and www.cnn.com had the same problem.  It appeared to
    redirect me to the superkay.com:888 page. But nothing else. I checked the
    source of this culprit page and there was nothing special about it.
    
    I've included a screen shot of this redirected web page.  
    
    
    rdb
    
    
    
    
    
    
    
    
    
    
    
    
    -----Original Message-----
    From: Bernie Cosell [mailto:bernieat_private]
    Sent: Tuesday, September 18, 2001 1:13 PM
    To: incidentsat_private
    Subject: Re: New "concept" virus/worm?
    
    
    On 18 Sep 2001, at 14:01, Jim Olsen wrote:
    
    > This is a cumulation of the information i've found on W32.nimda thus far:
    > 
    > W32.nimda is NOT a code red variant, and the people who referring to it as
    > "Code Blue" were mistaken...
    
     [...]
    
    > EVERYONE who uses internet explorer to browse the internet should probably do
    > one of two things to stop from being automatically infected by W32.nimda (i
    > have not tested whether or not turning off javascript fixes the problem):
    >         o) don't browse web pages until microsoft releases a patch
    >         o) turn OFF javascript
    
    I was under the impression that the vulnerability that nimda exploits was 
    known and has been patched (in May)
    
    <http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q290108>
    <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-020.asp>
    
    > EVERYONE who uses outlook/outlook express should, at the very least, not open
    > any attachments that they are not expecting.
    
    THIS recommendation has nothing to do with nimda -- anyone who hasn't 
    gotten *THIS* message yet is hopeless...  Taking the opportunity to 
    restate it here is OK, I guess, since a lot of folk just WON'T get the 
    message.
    
    > . Turning off auto-preview might 
    > be a good idea as well.
    
    Why?
    
      /bernie\
    
    
    -- 
    Bernie Cosell                     Fantasy Farm Fibers
    mailto:bernieat_private     Pearisburg, VA
        -->  Too many people, too few sheep  <--          
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    
    
    

    superkay1.jpg



    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 19:05:48 PDT