worm atacking NTs vulnerables detected by NA 2K??

[Hackemate.com.ar <hackemate () softhome net>]

Happened to em, while i was checking come NT servers, that lots fo
them, affected by teh Unicode and decode traversal bug, had benn
hacked, i think by a worm, because it was the same in all of them.
The message that appeared in the hacked site is down here, and what
was very weirdow was that Norton Antivirus 2000 detected that html
file as a virus. Norton detects hacked web pages?

The message in teh hacked sites said:

fuck USA Government

fuck PoizonBOx

contact:sysadmcn () yahoo com cn

And the Html source:

<html>
<body bgcolor=black>
<br><br><br><br><br><br>
<table width=100%><td>
<p align="center">
<font size=7 color=red>fuck USA Government</font>
<tr><td><p align="center">
<font size=7 color=red>fuck PoizonBOx<tr><td>
<p align="center">
<font size=4 color=red>contact:sysadmcn () yahoo com cn</html>

Bye guys

KerozenE 1999-2001 c0oL!
ICQ: 78480975
*********************************
Webmaster de www.hackemate.com.ar
hackemate () softhome net
*********************************
Moderador de HACKEMATE ML
http://www.eListas.net/lista/hackemate/alta
hackemate-alta () Elistas net
*********************************
Editor Del EZine HC&KTM Mensual:HPVCC y todo el Under de la Net
Http://www.hackemate.com.ar
hackemate-alta () Elistas net
*********************************
IRC.elsitio.com port:6667 #hackemate
*********************************


Friday, August 03, 2001, 6:38:41 PM, you wrote:

MH> Good afternoon,
MH>         While surfing last evening I found several sites that had appeared
MH> to be hacked. Their SSL certs were invalid and the site read "prepare to be
MH> owned." Did anyone else experience this? Is this a new worm or script
MH> junkie? Thanks again.

MH> Michael Hendricks