toker
07-20-2001, 10:46 PM
Here are some helpful links and info for hosting providers and webmasters regarding the wonderful new exploits spreading around the net..
Some info on yet another new trojan payload:
http://www.zdnet.com/zdnn/stories/news/0,4586,2792260,00.html
The Symantec Anti-Virus Research Center (SARC) has ranked the threat of the virus, entitled SirCam, a four, with five being the most serious.
For procmail users, and those who don't use it might want to give it a try.
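============== snip==============
#
# This one should help de-activate scripts included
# in email messages
:0
* ^Content-type: (multipart/mixed|application/octet-stream)
{
    # Search headers and body, since MIME part headers sit in the body
    :0 HB
    * ^Content-Disposition: attachment;
    * filename=".*\.(vbs|chm|hlp|shs|wsf|vbe|wsh|hta|pif)"
    {
        # Filter the whole message through sed, appending .txt to attachment names
        :0 fhbw
        | /usr/bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'

        # Keep a copy; the trailing colon takes a local lockfile for the mbox write
        :0 c:
        /root/mail/virusmail.procmail
    }
}
===========end snip==============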
More info for procmail at:
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html
Anyone running these OS should read this:
http://www.eeye.com/html/Research/Advisories/AD20010618.html
Systems Affected:
Windows NT 4.0 Internet Information Services 4.0
Windows 2000 Internet Information Services 5.0
Windows XP beta Internet Information Services 6.0 beta
IIS users more related info:
http://cnet.com/webbuilding/0-7532-8-6557183-2.html?tag=st.bl.7532-8-6557183-1.txt.7532-8-6557183-2
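The sed filter from the recipe above, replayed over a constructed message so its effect can be checked before the recipe goes into a live .procmailrc. This is an added example, not part of the original post; `defang`, `sample_message` and `count_after` are hypothetical helper names, and sed is taken from PATH rather than /usr/bin/sed.

```shell
#!/bin/sh
# Added example: replays the recipe's sed substitution over a constructed message.

# Same substitution as the recipe's filter action.
defang() {
    sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/'
}

# Constructed sample: one script attachment (folded header), one image,
# and one attachment with a four-character extension.
sample_message() {
    cat <<'EOF'
From: sender@example.com
Subject: constructed test message
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream; name="report.vbs"
Content-Disposition: attachment;
 filename="report.vbs"

--b1
Content-Type: image/jpeg; name="photo.jpg"
Content-Disposition: attachment; filename="photo.jpg"

--b1
Content-Type: text/html; name="page.html"
Content-Disposition: attachment; filename="page.html"
--b1--
EOF
}

# Count lines of the filtered sample that contain a fixed string.
count_after() {
    sample_message | defang | grep -c -F -- "$1"
}

# Print the filtered message for inspection.
sample_message | defang
```

Once the procmail condition matches, sed runs over the whole message, so every quoted name ending in a three-character extension gains `.txt` (the image included), while names with longer extensions such as `.html` are left unchanged.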