Security Incidents mailing list archives

Superkay.com:888


From: Richard Bradford <rbradford () vendaregroup com>
Date: Tue, 18 Sep 2001 16:44:07 -0700

Anyone see this come up just a while ago on the Oracle home page?
(www.oracle.com) and www.cnn.com had the same problem.  It appeared to
redirect me to the superkay.com:888 page. But nothing else. I checked the
source of this culprit page and there was nothing special about it.

I've included a screen shot of this redirected web page.  


rdb

-----Original Message-----
From: Bernie Cosell [mailto:bernie () fantasyfarm com]
Sent: Tuesday, September 18, 2001 1:13 PM
To: incidents () securityfocus com
Subject: Re: New "concept" virus/worm?


On 18 Sep 2001, at 14:01, Jim Olsen wrote:

This is a cumulation of the information I've found on W32.nimda thus far:

W32.nimda is NOT a code red variant, and the people who were referring to it
as "Code Blue" were mistaken...

 [...]

EVERYONE who uses Internet Explorer to browse the internet should probably
do one of two things to stop from being automatically infected by W32.nimda
(I have not tested whether or not turning off javascript fixes the problem):
        o) don't browse web pages until Microsoft releases a patch
        o) turn OFF javascript

I was under the impression that the vulnerability that nimda exploits was 
known and has been patched (in May)

<http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q290108>
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-020.asp>

EVERYONE who uses Outlook/Outlook Express should, at the very least, not
open any attachments that they are not expecting.

THIS recommendation has nothing to do with nimda -- anyone who hasn't 
gotten *THIS* message yet is hopeless...  Taking the opportunity to 
restate it here is OK, I guess, since a lot of folk just WON'T get the 
message.

Turning off auto-preview might be a good idea as well.

Why?

  /bernie\


-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie () fantasyfarm com     Pearisburg, VA
    -->  Too many people, too few sheep  <--          

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
