ammending a minor error in what i posted previously.
Systems Affected: Systems running Microsoft Windows 95, 98, ME, NT, and 2000
Basically it preys upon a bug of I.E. and outlook to automatically execute
.eml files
my bad.
Michael
Jeff wrote:
> I viewed the default web page on a machine known to be infected with Code
> Red II. In doing so, another browser window that appeared to be blank
> popped open, and the address in the title bar the name 'readme.eml'
> appeared. When I viewed the source of the page, this is the code that was
> contained there in-- attached as 'readme.txt' just in case it is malicious
> and would affect others using MS Outlook to read this.
>
> Can anybody tell me what purpose this might serve?
>
> ------------------------------------------------------------------------
>
> <HTML><HEAD></HEAD><BODY bgColor=#ffffff>
> <iframe src=cid:EA4DMGBP9p height=0 width=0>
> </iframe></BODY></HTML>
--
Michael Sim
System/Network Administrator
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Mobile: +61 (0)413 417 822 Level 1, 3 Montague St
Phone: +61 (0)2 9555 5666 Balmain NSW
Fax: +61 (0)2 9555 5688 Australia 2041
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
