Re: New MSN Messenger Worm

From: dreamwvr@dreamwvr.com
Date: 02/14/02


Date: Thu, 14 Feb 2002 10:36:38 -0700
From: "dreamwvr@dreamwvr.com" <dreamwvr@dreamwvr.com>
To: incidents@securityfocus.com

On Thu, Feb 14, 2002 at 04:12:15AM -0000, Bill Schalck wrote:
>
> In-Reply-To: <1013605797.17116.27.camel@deck.paradisepoker.com>
>
> The details at our office were different. The message
> was “URGENT: Go to this web site
> www.rjdesigns.co.uk/cool/” (or something very close
> to that). The strange thing is that this user SWEARS
> that he never clicked on the link but our logs show his
> computer attempted to access that web site. Luckily
> the site was down, possibly couldn’t handle the load.
> Does anyone know of an exploit that combined with
> the MSN exploit could redirect to a web site without
> the users knowledge or action?
>
> I'm concerned that eventually someone "smart" is
> going to build a nimda like cocktail of MSN, IE and
> other exploits that will spread faster than any virus
> we’ve seen yet. Can anyone say ARIS ThreatCon 4?

  Well it certainly is not inconceivable that someone will
do the equivalent of mouse-over triggers and release a
plague.. :-{ iThat is if they are not doing that already.
Pick a technology that is mouse over interactive and
there is potential issues.

Best Regards,
dreamwvr@dreamwvr.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com