RE: Concept Virus / Nimda

["Grab Raham" <grabraham () hotmail com>]

I first noticed it when I checked out the defacement at 
http://www.moi.gov.ir (URL is still infected) the "ISLAMIC REPUBLIC OF IRAN 
- MINISTRY OF INTERIOR website that was defaced by "The Dispatchers". Not 
sure if it started there though..

Shawn
-----Original Message-----
From: Gary Warner [mailto:gar () askgar com]
Sent: Tuesday, September 18, 2001 2:37 PM
To: INCIDENTS () securityfocus com
Subject: Concept Virus / Nimda


Thanks for the advisory regarding the most recent virus.  You might want to 
mention also that infected web servers will attempt to attach a "README.EML" 
file to every page delivered.  As pointed out by George Guninski's advisory 
last year, .eml files WILL EXECUTE if viewed in IE 5.0 or higher (unless the 
browser has been patched by a microsoft update since December 2000, I 
believe)



_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com