|
Security Incidents
mailing list archives
Re: AIM-based worm?
From: De Velopment <devel () www2 kparker org>
Date: Fri, 27 Sep 2002 08:53:46 -0700 (PDT)
Hello,
First, I do not use AIM, and so can not directly address its
vulnerabilities. However, one thing in this email bothered me
a great deal, so I added vuln-dev to the distribution list:
On Thu, 26 Sep 2002, Troy Ablan wrote (in part):
-- BEGIN SOURCE --
<html><head><title>Browser Plugin Requried</title><meta
http-equiv="refresh" content="1;
url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body><h1>Browser
Plugin Required:</h1><br>You may need to restart your browser for changes
to take affect.<br>Security Certificate by <a
href="http://www.verisign.com";>Verisign</a> 2002.<br>MD5:
9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>Click <a
href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and choose
"Run" to install.</body></html>
-- END SOURCE --
Are we getting viruses and worms with valid CERTIFICATES, these days?
I mentioned this possibility, when I was discussing Palladium, a couple
of months back. It's idea, in a nutshell, is that if someone has fully
"opted in", their machine will *only* run code that has been properly
"certified", by some central bureau. My comment was a question about
how long it would take people to figure out how to "fully certify" their
Virus or Worm code?
Am I reading the above web page source correctly, that this is
a Worm, certified by Verisign?
Best regards,
Ken Parker (devel () www2 kparker org)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
|
Intro
