On Wed, 19 Sep 2001, Isherwood Jeff C Contr AFRL/IFOSS wrote:
> Now that everyone has had a chance to look at it (I'm sure many folks
> captured live copies of this bugger).
You say the following in your advisory:
Search for file types above containing readme.eml, but pay close
attention to the following default file names:
index.html
index.htm
...
On our systems (web development machines with hundreds of HTML/ASP pages)
all the files were infected, so EDIT ALL YOUR ASP/HTML FILES!!!!!
Yes, I must stress this once again:
EDIT ALL YOUR ASP/HTML FILES!!!!!
You can use the MicroSoft 'find' function to find all files that have the
string 'readme.eml' in them to find all infected HTML/ASP files.
Kind regards,
Johannes Verelst
--
Unix is simple. It just takes a genius to understand its simplicity
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 10:14:28 PDT