[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AIM-based worm?



> > -- BEGIN SOURCE --
> >
> > <html><head><title>Browser Plugin Requried</title><meta
> > http-equiv="refresh" content="1;
> > url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body><h1>Browser
> > Plugin Required:</h1><br>You may need to restart your browser for changes
> > to take affect.<br>Security Certificate by <a
> > href="http://www.verisign.com";>Verisign</a> 2002.<br>MD5:
> > 9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>Click <a
> > href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and choose
> > "Run" to install.</body></html>
> >
> > -- END SOURCE --
> 
>    Are we getting viruses and worms with valid CERTIFICATES, these days?
> I mentioned this possibility, when I was discussing Palladium, a couple
> of months back.  It's idea, in a nutshell, is that if someone has fully
> "opted in", their machine will *only* run code that has been properly
> "certified", by some central bureau.  My comment was a question about
> how long it would take people to figure out how to "fully certify" their
> Virus or Worm code?
> 
>    Am I reading the above web page source correctly, that this is
> a Worm, certified by Verisign?
> 

I don't think so.  I think it's just the text of the HTML page saying 
that -- part of the social engineering in play to get the user to execute 
the worm.

-Troy


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com