Re: [Declude.Virus] Spam Link with 1639 port web link, possibly malicious?

[William Stillwell]

MyDoom.AI     From Symantec Site:   The email contains a hyperlink that, when clicked on, takes the user to an .html page that exploits the Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability (BID 11515). When this page is viewed the file http://[remote address]:1639/reactor is downloaded as %Desktop\vv.dat to the infected computer and executed. This file is detected as [EMAIL PROTECTED].   ----- Original Message ----- From: Jim Matuska To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, November 08, 2004 6:45 PM Subject: [Declude.Virus] Spam Link with 1639 port web link, possibly malicious? Has anyone noticed a influx of email messages with spam type content that seems to link to a 1639 port on a remote webserver.  I have had several reports of these in the last half hour, some appear to be fake paypal scams, one was porn related, but both link to the same site and one user actually reported the message causing their PC to reboot.  Any else seen these.   Jim Matuska Jr. Computer Tech II CCNA Nez Perce Tribe Information Systems [EMAIL PROTECTED]