Security Incidents mailing list archives
RE: Please tell me I'm wrong: microsoft.com infected
From: "Ken Pfeil" <Ken () infosec101 org>
Date: Wed, 19 Sep 2001 18:27:51 -0400
Must have been 207.46.230.218 'cause it's offline now.
-----Original Message----- From: Ken Pfeil [mailto:Ken () infosec101 org] Sent: Wednesday, September 19, 2001 6:26 PM To: Michael H. Warfield; Steve Cody Cc: incidents () securityfocus com Subject: RE: Please tell me I'm wrong: microsoft.com infected Which system? Canonical name: www.microsoft.akadns.net Aliases: www.microsoft.com Addresses: 207.46.230.218 207.46.197.102 207.46.197.100 207.46.230.220-----Original Message----- From: Michael H. Warfield [mailto:mhw () wittsend com] Sent: Wednesday, September 19, 2001 5:54 PM To: Steve Cody Cc: incidents () securityfocus com Subject: Re: Please tell me I'm wrong: microsoft.com infected On Wed, Sep 19, 2001 at 03:37:39PM -0400, Steve Cody wrote:I just went to http://www.microsoft.com/frontpage, and my Symantec Norton Antivirus popped up and denied access to readme.eml.I could not view the source of the loaded page, so I can't verify that it is definitely infected.Yes, indeedie do. Just did a wget http://www.microsoft.com/frontpage and here is what's on da bottom: [html][script language="JavaScript"]window.open("readme.eml", null, "resizable=no,top=6000,left=6000")[/script][/html] Defanged by turning angle brackets into square brackets even though it's not in an html attachment. ;-)Steve------------------------------------------------------------------ ----------This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com-- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com (The Mad Wizard) | (678) 463-0932 |http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! ------------------------------------------------------------------ ---------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Please tell me I'm wrong: microsoft.com infected, (continued)
- Re: Please tell me I'm wrong: microsoft.com infected Rodrigo Goya (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Nick FitzGerald (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Johannes Verelst (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Nick FitzGerald (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Benjamin Franz (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Brian Morin (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Michael H. Warfield (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Jay D. Dyson (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Jon Zobrist (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected jmiller (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Rodrigo Goya (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Ken Pfeil (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected jmiller (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Craig Humphrey (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Boyan Krosnov (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected Dave Hart (Sep 19)
- RE: Please tell me I'm wrong: microsoft.com infected David LeBlanc (Sep 19)
- Re: Please tell me I'm wrong: microsoft.com infected Rodrigo Goya (Sep 19)