Looks like your McAfee software is using a less than stellar implementation of content
filtering to detect this 'exploit'. There has been some discussion on content based
filtering in the focus-virus list.
I'd suggest referring it to your McAfee support people and express your concerns.
The page is benign and contains only code snippets as samples:
<b>Exploit:</b>
<p>This example attempts to read content from "c:/test.txt".</p>
<p id="oCode">
<link id="oFile" rel="stylesheet" href="file://c:/test.txt" disabled><br>
<script language="jscript"><br>
onload=function () {<br>
alert(document.styleSheets.oFile.cssText || "Could not extract any text from
file.");<br>
}<br>
</script>
</p>
Cheers,
Brad
> -----Original Message-----
> From: David Lane [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 2:36 AM
> To: [EMAIL PROTECTED]
> Subject: Trojan Programs from web site link in
> [EMAIL PROTECTED] newsletter
>
>
> Hello, In a newsletter I received from Security Wire Digest
> on May 20, 2002
> they have a link to a web site that when clicked attempts to
> download two
> Trojan programs, which were blocked on my machine by McAfee
> software which I
> have set to scan all download files. I sent a notice back to
> Security Wire,
> below, but have not received a response and I just clicked on
> the link again
> and it is still trying to download the Trojans. I just wanted to make
> others aware of this problem and also to ask if anyone else
> had problems
> with this organization. I am ready to unsubscribe to this
> newsletter unless
> I get a response from them. Do not click on the link unless
> you have your
> virus software set to scan all files that are downloaded.
>
> Message to Security Wire:
>
> subject:RE: SECURITY WIRE DIGEST, VOL. 4, NO. 39, MAY 20, 2002
>
> Security Wire personnel:
>
> Please note when I clicked on the link in your newsletter,
> "http://sec.greymagic.com/adv/gm004-ie"; the web site
> attempted to download
> two Trojan programs to my computer. The files were
> identified by McAfee as
> MIA2B4ff and MV8R26CG. Both were listed a variants or
> JS/Espolint-LocalCSS.
> I repeated this process twice with the same results.
>
> David Lane
> University of California Santa Cruz
> Internal Audit and advisory services
>
