[Dshield] Possible Virus......??
james.jarvis at quest-media.com
Mon Mar 18 15:07:54 GMT 2002
I just asked the person that had it and they deleted it so I can't get hold
of the source again. I had a look earlier, and it was code sending you to a
website. If you goto http://www.callin.net it will commence the download of
something. If anyone has a machine that they use to test stuff on and is not
going to affect a network atc. just go there and see what happens!
From: John Sage [mailto:jsage at finchhaven.com]
Sent: 18 March 2002 14:43
To: list at dshield.org
Subject: Re: [Dshield] Possible Virus......??
If you have the html source, look for something like:
[meta HTTP-EQUIV="REFRESH" CONTENT="5; URL=../index.html"]
This tag automatically redirects the viewer to whatever url is after
"URL= " after the number of seconds in "CONTENT= "
This is *one* method of sending you off to an unknown web site, merely
by viewing an html-formatted email..
Most people don't type their own logfiles; but, what do I care?
On Mon, Mar 18, 2002 at 10:37:17AM -0000, James Jarvis wrote:
> Hi there,
> One of my colleagues received an email from test at test.com.tw when the
> was opened it launhed a web-site and commenced downloading a file - It
> didn't display the name of the file, and the download was cancelled before
> it was able to continue. I checked the source of the email (It was in
> and it pointed to a site called callin.net. The remainder of the email was
> all in stragnge random characters, and there was a type of form at the
> of the email.
> I ran a virus scan on the computer (McCafee) and it didn't find anything
> unusual. Does anyone have any thoughts? It may be completely harmless, but
> am not a fan of executable emails. Was thinking of sending the URL to
> McCaffee suport, for them to investigate.
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list