New virus?
Julian Field
mailscanner at ecs.soton.ac.uk
Tue May 11 15:23:01 IST 2004
The link points to here:
http://drs.yahoo.com/ecem.com/NEWS/*http://
www.security-warning.biz/personal6/maljo24/www.YAHOO.com/#http://drs.yahoo.com/ecem.com/NEWS
which is all 1 URL. Not sure what the * does, but everything after the # is
an anchor I guess.
www.security-warning.biz/personal6/maljo24/www.YAHOO.com/
points to a file containing this in the middle of it. I have removed the
obvious junk, and am left with a bit of javascript code that says this:
self.moveTo(5000,5000);
parent.navigate('terra.html');
which produces
http://www.danni.com/directors/dannicash?dcwid=100863&redirpg=www.danni.com/free/modelsdir.html
which reaches www.danni.com/free/modelsdir.html which is a pron site.
At 14:32 11/05/2004, you wrote:
>We are receiving messages that contain only a link in the body. I cannot
>confirm it is a virus but it is mass mailed and is pretending to be
>something else.
>
>This is the complete contents of the df file of the virus (I would NOT
>open the url on a Winblows box!):
>
>
><http://drs.yahoo.com/ecem.com/NEWS/*http://>http://drs.yahoo.com/ecem.com/NE
>WS
>
>It is not detected up by 3 different virus scanner and I could not
>find any info about it in google.
>
>I tried downloading the webpage but did not succeed.
>
>Can we block such constructed url's in MailScanner?
>
>-------------------------- MailScanner list ----------------------
>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
>Before posting, please see the Most Asked Questions at
>http://www.mailscanner.biz/maq/ and the archives at
>http://www.jiscmail.ac.uk/lists/mailscanner.html
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list