That would be my ado thingie There's a temporary fix over at http://ip3e83566f.speed.planet.nl/hacked-by-chinese/5.htm --jelmer On Tuesday 23 September 2003 21:13, Brent Meshier wrote: > Mark, > The code you just sent looks familiar to a SPAM I received > attempting to hijack users' e-gold accounts. Out of curiosity I > followed that link which loaded start.html (attached). What worries me > is that I'm running IE 6.0.2800.1106 with all the latest patches from > Microsoft and this page (start.html) rewrote wmplayer.exe on my local > drive without notice. After closing the page, I found two .exe files on > my desktop (which loaded from http://doz.linux162.onway.net/eg/1.exe). > Is this a new unknown vulnerability? > > Brent Meshier > Global Transport Logistics, Inc. > http://www.gtlogistics.com/ > "Innovative Fulfillment Solutions" > > -----Original Message----- > From: Mark Coleman [mailto:markc@uniontown.com] > Sent: Tuesday, September 23, 2003 11:43 AM > To: bugtraq@securityfocus.org > Subject: [Fwd: Re: AIM Password theft] > > Hi, can anyone shed some light on this for me? If this is new, its > going to spread like wildfire. AOL or incidents lists have yet to > reply.... it appears to be a legitimate threat as I have at least one > user "infected" already.. Thank you.. > > -Mark Coleman
