Doesn't the newer versions of Declude Virus catch the IFRAME vulnerability?
Isn't this a post for the virus list? John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Dave Doherty > Sent: Tuesday, November 09, 2004 9:36 PM > To: Undisclosed-Recipient:; > Subject: [Declude.JunkMail] New virus with unusual deployment > > Hi, all - > > "Heads up!" > > There is a new variant of the MyDoom virus that does not work in the usual > way. > > Previous MyDoom virii have attached the virus payload to an email message. > The new variants (AH and AI, so far) simply include links to infected > machines. The links exploit the Internet Explorer IFRAME vulnerability and > then worm their way into address books, install SMTP servers and self-start > registry entries, and generally make nuisances of themselves by sending > emails to your contacts encouraging them to click links back to your > machines. > > Since the email does not contain the payload, the virus cannot be caught at > the email level. Therefore, be especially careful that your firewalls and > antivirus programs have the definitions for the new variants and that all > machines on your systems have the very latest patches from > http://windowsupdate.microsoft.com. > > As of this writing, Symantec has published defintions for the AH and AI > variants. McAfee has published only the AH variant. Fortinet and Sophos have > published these variants under the name bofra-a and bofra-b > > More info is at > > http://www.integratedmar.com/connectit/stories/1319.cfm > http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED] > http://www.sarc.com/avcenter/venc/data/[EMAIL PROTECTED] > http://www.sophos.com/virusinfo/analyses/w32bofrab.html > > -Dave Doherty > Dataworld, Inc. > Skywaves, Inc. > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
