[Dshield] Possible Virus......??

Clint Byrum cbyrum at erp.com
Mon Mar 18 18:27:33 GMT 2002


I've seen a lot more that use <IFRAME src="http://badsite/badstuff"
height=1 width=1> or <IMG> also.

On Mon, 2002-03-18 at 06:42, John Sage wrote:
> If you have the html source, look for something like:
> 
> [meta HTTP-EQUIV="REFRESH" CONTENT="5; URL=../index.html"]
> 
> This tag automatically redirects the viewer to whatever url is after
> "URL= " after the number of seconds in "CONTENT= "
> 
> This is *one* method of sending you off to an unknown web site, merely
> by viewing an html-formatted email..
> 
> 
> - John
> -- 
> Most people don't type their own logfiles;  but, what do I care?
> 
> 
>  
> On Mon, Mar 18, 2002 at 10:37:17AM -0000, James Jarvis wrote:
> > Hi there,
> > 
> > One of my colleagues received an email from test at test.com.tw when the email
> > was opened it launhed a web-site and commenced downloading a file - It
> > didn't display the name of the file, and the download was cancelled before
> > it was able to continue. I checked the source of the email (It was in HTML)
> > and it pointed to a site called callin.net. The remainder of the email was
> > all in stragnge random characters, and there was a type of form at the base
> > of the email.
> > 
> > I ran a virus scan on the computer (McCafee) and it didn't find anything
> > unusual. Does anyone have any thoughts? It may be completely harmless, but I
> > am not a fan of executable emails. Was thinking of sending the URL to
> > McCaffee suport, for them to investigate.
> > 
> > Thanks,
> > James
> 
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-- 

------------------------------
Clint Byrum
ERP.COM 





More information about the list mailing list