[Dshield] Taking the courtesy of warning about links to infected or malicious web pages

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Mar 18 14:00:43 GMT 2004

Taking the courtesy of warning about links to infected or malicious web pages

You may have noticed references in a few posts to this list (on March 9 and 10)
containing a hyperlink to one of the web pages of Columbia University (in the
City of New York).

After clicking the hyperlink for this specific page, auto-protect features of
anti-virus programs alarmed that a specific virus resides in the browser's
cache. For instance, NAV2004 detected and identified the threat as
W32.Sobig.F@mm.enc.

Would someone with in-depth understanding of the incident kindly shed light on
the following?

1) Does this university's web page actually contain viral code?
2) Or does the web page merely contain enough of the viral code to match the
virus' signature, and hence cause the alert?
3) Is the existence of the viral code in the browser's temporary cache file
harmful or harmless?
4) If the code is actually viral, is it also hostile?
5) Could the viral code activate, if left unnoticed in the browser's cache?
6) Should the university be notified about the web page causing alerts by
anti-virus programs?

I assume that sender(s) of post(s) containing link(s) targeting to infected or
malicious web pages take the courtesy of warning about the possible danger.

For your convenience, I repeat the link of this sample case below.

*** Please note that the following link targets to a web page that possibly
contains viral code: ***


(If memory serves well, the certificate for this web server has expired.)


- Pete

     "The cause is hidden. The effect is visible to all."
                  Ovid (43BC-17AD); Roman poet.
