Hi All, Leon, I just tried your great tip for a change and I clicked on
http://www.liquidwd.freeserve.co.uk/ with a fully patched W2K machine (with
PC-cillin installed) and got the following message (having it set to
Quarantine in all instances, with a final delete if that does not succeed):
Begin snippet:

Warning! xxx PC-Cillin has detected a virus. Please run a complete scan of
all files to be sure that the virus has not spread.
real-time scan:
Infected file:  F:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\4H6RW56R\liquidwd.freeserve.co[1].htm
Virus name:   JS_CIDEXPLOIT.B
User name: xxx
Action Taken:   Quarantined

End snippet.

For the unaware amongst you; if anything is opened through IE - then it will
be initially cached (let's not go into memory-management) by IE into the
'Temporary Internet Files' directories, that's why it references it as such.

Leon, I think your advice "be scared, very scared" kind of sucks really,
cause you and I know people will try, and we all know you don't 'invite'
people that way ... we've got enough work on our hands as it is, thanks a
lot! I believe the statistics still mention some 35-50% of all people
surfing without adequate AV?

Anyway, this is not exactly a firewall issue, is it? Most of us know FW's
just pass or not, based on rules. Don't distract the newbies, years ago it
took me weeks and months to find out the nitty of things, if it weren't for
the kind few..

It's still scanning btw, at 34.158 files, I'll let you know in a couple of
hours if it hit me. But I know the answer already - Anti-Virus may carry
even more weight than FW's do sometimes, imagine a hacker trying to copy his
exploits onto a rooted box through NetCat or something.. who's your best
friend at that point? AV or FW?

Bye now,

Marnix

DaemonLabs.com - The Netherlands.


----- Original Message -----
From: "ruler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: 06 March, 2002 8:21 PM
Subject: Re: scary site


> There are also sites that will let you view all of your directory trees,
> which a server could easily see all of your files.  Which do you think is
> more scary?
> ----- Original Message -----
> From: "leon" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, March 05, 2002 12:30 PM
> Subject: scary site
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > http://www.liquidwd.freeserve.co.uk/
> >
> >
> > Try it with a windows machine and IE with all patches.
> >
> > Be afraid be very afraid.
> >
> > FYI this is for all those people who think that just having a
> > firewall is enough.
> >
> > Guess what?
> >
> > This works through packet filter, stateful inspection and proxy
> > servers.
> >
> > Cheers,
> >
> > Leon
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> >
> > iQA/AwUBPIUArNqAgf0xoaEuEQLn0wCgjtpLPuRxLbCscHrq32IjePeezf8AoI6t
> > T73+xCv/VhrCGDVDIVrFBqZl
> > =9gR6
> > -----END PGP SIGNATURE-----
> >
>
