Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Please tell me I'm wrong: microsoft.com infected

From: Johannes Verelst <johannes () verelst net>
Date: Thu, 20 Sep 2001 00:49:50 +0200 (MEST)
Rodrigo Goya <lucent () securenet com mx> wrote:

I'd guess that the complex "physical" arrangement of such a large
site, and perhaps update mirroring lags, means that not all servers
have received their "updates" including that file yet.  (Also, they
may have AV software or other measures preventing the EML files from
getting on the servers, but be worried about the overhead of having
the on-access scanners parsing their HTML files each time they are
served...


At the moment, all 4 servers in the microsoft.com round-robin DNS appear
to not be vulnerable anymore: the extra HTML disappeared from the page.

Johannes
-- 
Unix is simple. It just takes a genius to understand its simplicity


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: