Hello, First, I do not use AIM, and so can not directly address its vulnerabilities. However, one thing in this email bothered me a great deal, so I added vuln-dev to the distribution list: On Thu, 26 Sep 2002, Troy Ablan wrote (in part): > -- BEGIN SOURCE -- > > <html><head><title>Browser Plugin Requried</title><meta > http-equiv="refresh" content="1; > url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body><h1>Browser > Plugin Required:</h1><br>You may need to restart your browser for changes > to take affect.<br>Security Certificate by <a > href="http://www.verisign.com">Verisign</a> 2002.<br>MD5: > 9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>Click <a > href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and choose > "Run" to install.</body></html> > > -- END SOURCE -- Are we getting viruses and worms with valid CERTIFICATES, these days? I mentioned this possibility, when I was discussing Palladium, a couple of months back. It's idea, in a nutshell, is that if someone has fully "opted in", their machine will *only* run code that has been properly "certified", by some central bureau. My comment was a question about how long it would take people to figure out how to "fully certify" their Virus or Worm code? Am I reading the above web page source correctly, that this is a Worm, certified by Verisign? Best regards, Ken Parker (develat_private) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 15:47:46 PDT