Re: malware in images

[Jordan Wiens <numatrix () UFL EDU>]

On Thu, 24 Jun 2004, Brian Eckman wrote:

> Kathy Bergsma wrote:
> > 64.46.100.96
> > 65.254.51.42
> > 66.98.190.22
> > 67.15.42.34
> > 67.18.79.20
> > 69.50.170.214
> > 69.93.54.158
> > 81.211.105.24
> > 195.208.235.66
> > 207.150.192.12
> > 213.159.117.131
>
> Am I mistaken, or is that just a list of IP addresses that have at least
> one Web site on them that is exploiting the unpatched IE flaw outlined
> at http://62.131.86.111/analysis.htm ?

You're not mistaken, that's correct.

> What Doug is reporting is that a bunch of legitimate Web sites were
> hacked and had a specific piece of malware installed on them that
> pointed users to a specific URL. This means users visiting "legitimate"
> sites are being exploited, which is significant news. The other IP
> addresses have Web sites on them that are not what I would call
> "legitimate", and are typically getting people to visit them via Spam.

Absolutely.  That list was just an fyi about the issue in general, not
about those legitimate sites that have been compromised, thanks for the
clarification.

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.