Educause Security Discussion mailing list archives

malware in images

From: Doug Pearson <dodpears () INDIANA EDU>
Date: Wed, 23 Jun 2004 22:32:51 -0500

There's *early* report of lots of sites infected with images that contain malware. The Javascript appended to the 
images reaches back to "http: // 217.107.218.147/ dot.php" to get the next dose of malware. The embedded spaces in the 
URL are mine to prevent accidental launches.

I'm running a current Symantec AV on my desktop. SAV catches what's at the URL as:
  Scan type:  Realtime Protection Scan
  Event:  Virus Found!
  Virus name: Download.Ject
  File:  [obfuscated by Doug P]new[1].htm
  [and so forth...]

Sites may wish to apply local network filters to block 217.107.218.147!

Regards,

Doug Pearson
Research and Education Networking ISAC
http://www.ren-isac.net
Watch Desk 24x7: +1(317)278-6630

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

malware in images Doug Pearson (Jun 23)
- <Possible follow-ups>
- Re: malware in images Doug Pearson (Jun 24)
- Re: malware in images Kathy Bergsma (Jun 24)
- Re: malware in images Brian Eckman (Jun 24)
- Re: malware in images Jordan Wiens (Jun 24)
- Re: malware in images Jeff Kell (Jun 24)