Hi all, >From my look at it (by no means expert, but technologically minded), it appears to >need the browser windows open at least 5 minutes before the program is completely >installed. I can only guess that is to ensure that the file is completely >downloaded. I did load the page from WinXP but I closed it after it didn't show any >content for about 30 seconds. I then pulled the source to the pages on my linux >machine and as far as I can tell, it downloads the trojan as mime encoded text to a >file that by name looks like an error log. It then sets a timer for 300 seconds that >appears to do the actual install of the file.
My guess is that it is exploiting well known vulnerabilities in IE. That leaves all of us that don't use IE safe, at least from this one. Those of us running a non-windows platform (particularly a unix based platform) are generally safe from most all of these types of attacks as well. Hope this helps, Matthew Schlegel http://guesses.goldbuilders.com/ On Fri, 10 Jan 2003 00:40:47 +0100 "marco" <[EMAIL PROTECTED]> wrote: > Hello > quite frankly I have no idea... > Maybe Bryan or some other tech head here could shed some light on this? All > I know is it is a dangerous trick..! > > marco > www.paybygold.com --- You are currently subscribed to e-gold-list as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
