On Thu, 24 Jun 2004 19:02:01, [EMAIL PROTECTED] wrote: > From http://www.eweek.com/article2/0,,1617045,00.asp: > > "Analysts at NetSec Inc., a managed security services provider, began > seeing indications of the compromises early Thursday morning and have > since seen a large number of identical attacks on their customers' networks. > The attack uses a novel vector: embedded code hidden in graphics on Web > pages... NetSec officials said the attack seems to exploit a vulnerability > in Internet Explorer."
This is somewhat misleading. The attack is appending javascript footers to every file served by the IIS server, including image files. This isn't a new vector, it's just a side-effect. More information at http://isc.sans.org/ -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ http://www.lurhq.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html