In-Reply-To: <1013605797.17116.27.camelat_private>

We had a similar incident today but only one user. Could have been a lot more if that user had not gotten the same message at exactly the same time from 6 of his contacts and knew something was wrong and did not click on the link.

The details at our office were different. The message was “URGENT: Go to this web site www.rjdesigns.co.uk/cool/” (or something very close to that). The strange thing is that this user SWEARS that he never clicked on the link but our logs show his computer attempted to access that web site. Luckily the site was down, possibly couldn’t handle the load.

Does anyone know of an exploit that combined with the MSN exploit could redirect to a web site without the user's knowledge or action? I'm concerned that eventually someone "smart" is going to build a Nimda-like cocktail of MSN, IE and other exploits that will spread faster than any virus we’ve seen yet. Can anyone say ARIS ThreatCon 4?

There is some good information and a number of links at http://www.securityfocus.com/archive/1/255255, including a link to a web site at http://tom.me.uk/msn/demo.html that is a benign sample of how the exploit works.

Now for the good news (if there is ever good news with a security vulnerability). The Microsoft patch available at http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp at least stops the sample posted on http://tom.me.uk/msn/demo.html from functioning. Not sure if there are variations on the exploit that might still work.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 13 2002 - 20:43:18 PST