Security Incidents mailing list archives
Superkay.com:888
From: Richard Bradford <rbradford () vendaregroup com>
Date: Tue, 18 Sep 2001 16:44:07 -0700
Anyone see this come up just a while ago on the Oracle home page? (www.oracle.com) and www.cnn.com had the same problem. It appeared to redirect me to the superkay.com:888 page. But nothing else. I checked the source of this culprit page and there was nothing special about it. I've included a screen shot of this redirected web page. rdb -----Original Message----- From: Bernie Cosell [mailto:bernie () fantasyfarm com] Sent: Tuesday, September 18, 2001 1:13 PM To: incidents () securityfocus com Subject: Re: New "concept" virus/worm? On 18 Sep 2001, at 14:01, Jim Olsen wrote:
This is a cumulation of the information i've found on W32.nimda thus far: W32.nimda is NOT a code red variant, and the people who referring to it as
"Code Blue" were mistaken...
[...]
EVERYONE who uses internet explorer to browse the internet should probably
do
one of two things to stop from being automatically infected by W32.nimda
(i
have not tested whether or not turning off javascript fixes the problem): o) don't browse web pages until microsoft releases a patch o) turn OFF javascript
I was under the impression that the vulnerability that nimda exploits was known and has been patched (in May) <http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q290108> <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security /bulletin/ms01-020.asp>
EVERYONE who uses outlook/outlook express should, at the very least, not
open
any attachments that they are not expecting.
THIS recommendation has nothing to do with nimda -- anyone who hasn't gotten *THIS* message yet is hopeless... Taking the opportunity to restate it here is OK, I guess, since a lot of folk jsut WONT get the message.
. Turning off auto-preview might be a good idea as well.
Why? /bernie\ -- Bernie Cosell Fantasy Farm Fibers mailto:bernie () fantasyfarm com Pearisburg, VA --> Too many people, too few sheep <-- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Superkay.com:888 Richard Bradford (Sep 18)
- Re: Superkay.com:888 sanghun (Sep 18)
- <Possible follow-ups>
- RE: Superkay.com:888 Dave Hart (Sep 18)