it's problem about DNS pollution if you use w2k , check these setting http://www.microsoft.com/windows2000/en/datacenter/help/default.asp?url=/WINDOWS2000/en/datacenter/help/sag_DNS_pro_SecureCachePollutedNames.htm other vendor product need checking DNS pollution!! ----- Original Message ----- From: "Richard Bradford" <rbradfordat_private> To: <incidentsat_private> Sent: Wednesday, September 19, 2001 8:44 AM Subject: Superkay.com:888 > Anyone see this come up just a while ago on the Oracle home page? > (www.oracle.com) > and www.cnn.com had the same problem. It appeared to redirect me to the > superkay.com:888 > page. But nothing else. I checked the source of this culprit page and there > was nothing > special about it. > > I've included a screen shot of this redirected web page. > > > rdb > > > > > > > > > > > > > -----Original Message----- > From: Bernie Cosell [mailto:bernieat_private] > Sent: Tuesday, September 18, 2001 1:13 PM > To: incidentsat_private > Subject: Re: New "concept" virus/worm? > > > On 18 Sep 2001, at 14:01, Jim Olsen wrote: > > > This is a cumulation of the information i've found on W32.nimda thus far: > > > > W32.nimda is NOT a code red variant, and the people who referring to it as > > > "Code Blue" were mistaken... > > [...] > > > EVERYONE who uses internet explorer to browse the internet should probably > do > > one of two things to stop from being automatically infected by W32.nimda > (i > > have not tested whether or not turning off javascript fixes the problem): > > o) don't browse web pages until microsoft releases a patch > > o) turn OFF javascript > > I was under the impression that the vulnerability that nimda exploits was > known and has been patched (in May) > > <http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q290108> > <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security > /bulletin/ms01-020.asp> > > >EVERYONE who uses outlook/outlook express should, at the very least, not > open > > any attachments that they are not expecting. > > THIS recommendation has nothing to do with nimda -- anyone who hasn't > gotten *THIS* message yet is hopeless... Taking the opportunity to > restate it here is OK, I guess, since a lot of folk jsut WONT get the > message. > > > . Turning off auto-preview might > > be a good idea as well. > > Why? > > /bernie\ > > > -- > Bernie Cosell Fantasy Farm Fibers > mailto:bernieat_private Pearisburg, VA > --> Too many people, too few sheep <-- > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > -------------------------------------------------------------------------------- > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 22:08:14 PDT