[Dshield] Possible Virus......??
jsage at finchhaven.com
Mon Mar 18 14:42:56 GMT 2002
If you have the html source, look for something like:
[meta HTTP-EQUIV="REFRESH" CONTENT="5; URL=../index.html"]
This tag automatically redirects the viewer to whatever url is after
"URL= " after the number of seconds in "CONTENT= "
This is *one* method of sending you off to an unknown web site, merely
by viewing an html-formatted email..
Most people don't type their own logfiles; but, what do I care?
On Mon, Mar 18, 2002 at 10:37:17AM -0000, James Jarvis wrote:
> Hi there,
> One of my colleagues received an email from test at test.com.tw when the email
> was opened it launhed a web-site and commenced downloading a file - It
> didn't display the name of the file, and the download was cancelled before
> it was able to continue. I checked the source of the email (It was in HTML)
> and it pointed to a site called callin.net. The remainder of the email was
> all in stragnge random characters, and there was a type of form at the base
> of the email.
> I ran a virus scan on the computer (McCafee) and it didn't find anything
> unusual. Does anyone have any thoughts? It may be completely harmless, but I
> am not a fan of executable emails. Was thinking of sending the URL to
> McCaffee suport, for them to investigate.
More information about the list