Security Incidents mailing list archives

Re: MIME type of readme.eml (was Re: New "concept" virus/worm?


From: "Henrik Pedersen" <pedersen () henrik dk>
Date: Wed, 19 Sep 2001 08:21:47 +0200

Enable your HTTP inbound filter and allow only the extensions you need people from the outside
to see on your inside net. Because of this we didn't get hit by Code Red or any of its kind.
Right now we're also blocking .eml files outbound to protect our clients on the inside.

Regards

Henrik Pedersen
Cautela A/S
Denmark


----- Original Message ----- 
From: "Rob Quinn" <rquinn () sec sprint net>
To: "Jim Olsen" <jim () cyberjunkees com>
Cc: <incidents () securityfocus com>
Sent: Wednesday, September 19, 2001 7:25 AM
Subject: MIME type of readme.eml (was Re: New "concept" virus/worm?


- add this string to the web pages found on the server:
<html><script language="JavaScript">window.open("readme.eml", null, 
"resizable=no,top=6000,left=6000")</script></html>

 My Raptor firewall and WGET to one sample site show this as MIME type
"message/rfc822".  Does this seem to be universal? If I block just that type,
will it be enough to stop nimda hitting IE users?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
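
Added example, not part of either message and not code from any product named in the thread: a Python version of the response-filter decision discussed above, reporting which of the three signals mentioned in the thread fire for a given HTTP response (the .eml extension, the message/rfc822 content type, and the injected window.open("readme.eml") string). The function names, the example.test URLs and the sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Signals taken from the thread; everything else here is constructed.
BLOCKED_EXTENSIONS = {".eml"}
BLOCKED_MIME_TYPES = {"message/rfc822"}
INJECTED_POPUP = re.compile(r"""window\.open\(\s*["']readme\.eml["']""", re.I)


def path_extension(url):
    """Lower-cased extension of the URL path, ignoring query and fragment."""
    name = unquote(urlsplit(url).path).rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def media_type(headers):
    """Content-Type without parameters, matched case-insensitively."""
    for key, value in headers.items():
        if key.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""


def inspect_response(url, headers, body=b""):
    """Return the list of reasons a filter would block this response."""
    reasons = []
    if path_extension(url) in BLOCKED_EXTENSIONS:
        reasons.append("extension")
    if media_type(headers) in BLOCKED_MIME_TYPES:
        reasons.append("mime-type")
    if INJECTED_POPUP.search(body.decode("latin-1")):
        reasons.append("injected-script")
    return reasons


# Constructed sample responses (hypothetical host example.test).
SAMPLES = [
    ("http://example.test/readme.eml", {"Content-Type": "message/rfc822"}, b""),
    ("http://example.test/README.EML?id=1", {"content-type": "application/octet-stream"}, b""),
    ("http://example.test/msg", {"Content-Type": "Message/RFC822; charset=us-ascii"}, b""),
    ("http://example.test/index.html", {"Content-Type": "text/html"},
     b'<html><script language="JavaScript">window.open("readme.eml", null, '
     b'"resizable=no,top=6000,left=6000")</script></html>'),
    ("http://example.test/about.html", {"Content-Type": "text/html"}, b"<html>ok</html>"),
]

if __name__ == "__main__":
    for url, headers, body in SAMPLES:
        print(url, "->", inspect_response(url, headers, body) or "allow")
```

An empty list means none of the three signals matched and the response would be allowed.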




