[Dshield] .hta files
ccarboni at azerty.com
Wed Apr 28 18:13:33 GMT 2004
It fits the profile.
> -----Original Message-----
> From: Louis Hablas [mailto:Lou.Hablas at rzim.org]
> Sent: Wednesday, April 28, 2004 1:39 PM
> To: Dshield (E-mail)
> Subject: [Dshield] .hta files
> Have seen several .hta files quarantined today. File names like
> "You_will_answer_to_me.hta", "the_message.hta", etc.
> I knew they were harbingers of something bad and took a look at one. It
> tried to drop the attached nuggets in place, but OfficeScan intercepted.
> Officescan says Bagle.z Can anybody confirm? Anybody else seeing same?
> file 'qwrk.old' is exe and 'qfl.old' is vbs
> Lou Hablas
> Systems Manager
> Ravi Zacharias International Ministries
> The information contained in this message may be CONFIDENTIAL and is for
> intended addressee only. Any unauthorized use, dissemination of the
> information, or copying of this message is prohibited. If you are not the
> intended addressee, please notify the sender immediately and delete this
More information about the list