Educause Security Discussion mailing list archives

Re: Fwd: URGENT: bot net with keylogger


From: "Dave Monnier, IT Security Office, Indiana University" <dmonnier () IU EDU>
Date: Mon, 12 Apr 2004 14:33:16 -0500

Gary Flynn wrote:
> That brings up the next question.
>
> Did people accept the download after they
> clicked the link or did it get forced
> on them through an IE defect? I don't
> see any ms-its/mhtml/hta code on the site.
> There's a sound file though. Have you visited
> the site with patched and unpatched IE?


I haven't looked at it with anything Win32.

The content there will hopefully be going away soon.  I've just heard
that some folks have gotten word back from the owners.  If you haven't
already, you may want to grab a specimen now for study. If not, folks
can contact me off-list and I can get a copy to you.

Cheers,
-Dave

--
| Dave Monnier - dmonnier () iu edu - http://php.indiana.edu/~dmonnier/ |
|  Lead Security Engineer, Information Technology Security Office    |
|  Office of the VP for Information Technology, Indiana University   |
