[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AIM-based worm?

> > -- BEGIN SOURCE --
> >
> > <html><head><title>Browser Plugin Requried</title><meta
> > http-equiv="refresh" content="1;
> > url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body><h1>Browser
> > Plugin Required:</h1><br>You may need to restart your browser for changes
> > to take affect.<br>Security Certificate by <a
> > href="http://www.verisign.com";>Verisign</a> 2002.<br>MD5:
> > 9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>Click <a
> > href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and choose
> > "Run" to install.</body></html>
> >
> > -- END SOURCE --
>    Are we getting viruses and worms with valid CERTIFICATES, these days?
> I mentioned this possibility, when I was discussing Palladium, a couple
> of months back.  It's idea, in a nutshell, is that if someone has fully
> "opted in", their machine will *only* run code that has been properly
> "certified", by some central bureau.  My comment was a question about
> how long it would take people to figure out how to "fully certify" their
> Virus or Worm code?
>    Am I reading the above web page source correctly, that this is
> a Worm, certified by Verisign?

I don't think so.  I think it's just the text of the HTML page saying 
that -- part of the social engineering in play to get the user to execute 
the worm.


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com