Re: [Dshield] QHOSTS-1 - DNS/Hosts file issues
- To: General DShield Discussion List <[EMAIL PROTECTED]>
- Subject: Re: [Dshield] QHOSTS-1 - DNS/Hosts file issues
- From: Alan Frayer <[EMAIL PROTECTED]>
- Date: 02 Oct 2003 11:32:43 -0400
- In-reply-to: <[EMAIL PROTECTED]>
- Old-x-envelope-to: [EMAIL PROTECTED]
- References: <[EMAIL PROTECTED]>
- Reply-to: General DShield Discussion List <[EMAIL PROTECTED]>
- Sender: [EMAIL PROTECTED]
In attempting to understand this situation, I need to ask a question:

On Thu, 2003-10-02 at 10:35, wbeckham wrote:
> I got the following from TruSecure this morning.
>
> - WB
>
> ---------------------------------
> TruSecure Radar Notice
[snip]
> Summary:
> Yesterday TruSecure began to observe evidence of an active attack against
> users of Internet Explorer 6.0. The attack comprised a banner, hosted by
> FortuneCity.com, which in turn used JavaScript to redirect the self-closing
> "pop-under" banner to a site hosted by EV1.NET (Everyone's Internet.) An
> EV1.NET site then delivered executable code which in turn invoked the HTA
> vulnerability.

Would blocking the IP address of the EV1.NET site from outbound traffic
defeat this attack? If so, this strikes me as much more time efficient
than visiting each PC and turning off scripting, etc.
________________________________________________________________________
Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - [EMAIL PROTECTED]
Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region
If you would like to discuss an opportunity with me, please e-mail.