Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New MSN Messenger Worm

From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Thu, 14 Feb 2002 10:36:38 -0700
On Thu, Feb 14, 2002 at 04:12:15AM -0000, Bill Schalck wrote:


In-Reply-To: <1013605797.17116.27.camel () deck paradisepoker com>

The details at our office were different.  The message 
was “URGENT: Go to this web site 
www.rjdesigns.co.uk/cool/” (or something very close 
to that).  The strange thing is that this user SWEARS 
that he never clicked on the link but our logs show his 
computer attempted to access that web site.  Luckily 
the site was down, possibly couldn’t handle the load.  
Does anyone know of an exploit that combined with 
the MSN exploit could redirect to a web site without 
the users knowledge or action?

I'm concerned that eventually someone "smart" is 
going to build a nimda like cocktail of MSN, IE and 
other exploits that will spread faster than any virus 
we’ve seen yet.  Can anyone say ARIS ThreatCon 4?


  Well it certainly is not inconceivable that someone will
do the equivalent of mouse-over triggers and release a 
plague.. :-{ iThat is if they are not doing that already.
Pick a technology that is mouse over interactive and 
there is potential issues. 

Best Regards,
dreamwvr () dreamwvr com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: