Security Incidents mailing list archives
Re: MIME type of readme.eml (was Re: New "concept" virus/worm?
From: "Henrik Pedersen" <pedersen () henrik dk>
Date: Wed, 19 Sep 2001 08:21:47 +0200
Enable your HTTP inbound filter and allow only the extensions you need ppl from the outside to see on your inside net. Because of this we didn't get hit by Code Red or any of it's kind. Right now we're also blocking .eml files outbound to protect our clients on the inside. Regards Henrik Pedersen Cautela A/S Denmark ----- Original Message ----- From: "Rob Quinn" <rquinn () sec sprint net> To: "Jim Olsen" <jim () cyberjunkees com> Cc: <incidents () securityfocus com> Sent: Wednesday, September 19, 2001 7:25 AM Subject: MIME type of readme.eml (was Re: New "concept" virus/worm?
- add this string to the web pages found on the server: <html><script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script></html>My Raptor firewall and WGET to one sample site show this as MIME type "message/rfc822". Does this seem to be universal? If I block just that type, will it be enough to stop nimda hitting IE users? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- New "concept" virus/worm? Joao Gouveia (Sep 18)
- Re: New "concept" virus/worm? Jay D. Dyson (Sep 18)
- Re: New "concept" virus/worm? Brett Glass (Sep 18)
- Re: New "concept" virus/worm? Berislav Kucan (Sep 18)
- Re: New "concept" virus/worm? Jim Olsen (Sep 18)
- Re: New "concept" virus/worm? Bernie Cosell (Sep 18)
- MIME type of readme.eml (was Re: New "concept" virus/worm? Rob Quinn (Sep 19)
- Re: MIME type of readme.eml (was Re: New "concept" virus/worm? Henrik Pedersen (Sep 19)
- Re: New "concept" virus/worm? Brett Glass (Sep 18)
- Re: New "concept" virus/worm? Jay D. Dyson (Sep 18)
- Re: New "concept" virus/worm? Ryan Russell (Sep 18)
- Re: New "concept" virus/worm? Nick FitzGerald (Sep 18)
- Re: New "concept" virus/worm? Jim (Sep 18)
- Side Affect of the new worm: HD fills up Stanley G. Bubrouski (Sep 19)
- Re: New "concept" virus/worm? Michael H. Warfield (Sep 18)
- RE: New "concept" virus/worm? Joseph P Frazee (Sep 18)
- <Possible follow-ups>
- RE: New "concept" virus/worm? Christian Hampson (Sep 18)