OT: href:cid vulnerability ???
John Wilcock
john at TRADOC.FR
Tue Mar 30 13:19:53 IST 2004
Sorry for the off-topic post - hoping that with all the viruses
MailScanner users see, someone will be able to identify this for me, or
at least point me in the right direction. I have of course tried
googling for appropriate-looking keywords, to no avail
A friend of a colleague, having problems and suspecting a virus, has
forwarded us a suspicious-looking message which she believes might have
been the trigger.
The message is unfortunately not complete (forwarded by a non-savvy
user, using Eudora); it purports to come from her ISP and contains a
link to what looks at first glance like it might be the ISP's webmail
system. In actual fact the link is far sneakier:
| <a href="cid:031401mfdab4$3f3dl780$73387018 at 57w81fa70re">www</a>.tiscali.fr/inbox/username/read.php?sessionid<a href="cid:031401mfdab4$3f3dl780$73387018 at 57w81fa70re">-26899</a>
(I've changed the "username" for privacy reasons).
Anyone seen this type of vulnerability before? Any pointers please?
John.
--
-- Over 2400 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
More information about the MailScanner
mailing list