On Wed, 21 Jan 2004, Royce Williams wrote: > Our customer base got hit today with a virus that slipped through > via some wily obfuscation that I hadn't seen before. What it does, > in a nutshell, is a base64-encoded .hta file that has VBScript in it > to convert a long string of hex into a binary, store it in your > system32 directory, and run it.
But .hta files should be blocked, unless you've modified the $bad_exts list. Regards, David. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
