Looks like your McAfee software is using a less than stellar implementation of content filtering to detect this 'exploit'. There has been some discussion on content based filtering in the focus-virus list. I'd suggest referring it to your McAfee support people and express your concerns. The page is benign and contains only code snippets as samples:
<b>Exploit:</b> <p>This example attempts to read content from "c:/test.txt".</p> <p id="oCode"> <link id="oFile" rel="stylesheet" href="file://c:/test.txt" disabled><br> <script language="jscript"><br> onload=function () {<br> alert(document.styleSheets.oFile.cssText || "Could not extract any text from file.");<br> }<br> </script> </p> Cheers, Brad > -----Original Message----- > From: David Lane [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 2:36 AM > To: [EMAIL PROTECTED] > Subject: Trojan Programs from web site link in > [EMAIL PROTECTED] newsletter > > > Hello, In a newsletter I received from Security Wire Digest > on May 20, 2002 > they have a link to a web site that when clicked attempts to > download two > Trojan programs, which were blocked on my machine by McAfee > software which I > have set to scan all download files. I sent a notice back to > Security Wire, > below, but have not received a response and I just clicked on > the link again > and it is still trying to download the Trojans. I just wanted to make > others aware of this problem and also to ask if anyone else > had problems > with this organization. I am ready to unsubscribe to this > newsletter unless > I get a response from them. Do not click on the link unless > you have your > virus software set to scan all files that are downloaded. > > Message to Security Wire: > > subject:RE: SECURITY WIRE DIGEST, VOL. 4, NO. 39, MAY 20, 2002 > > Security Wire personnel: > > Please note when I clicked on the link in your newsletter, > "http://sec.greymagic.com/adv/gm004-ie" the web site > attempted to download > two Trojan programs to my computer. The files were > identified by McAfee as > MIA2B4ff and MV8R26CG. Both were listed a variants or > JS/Espolint-LocalCSS. > I repeated this process twice with the same results. > > David Lane > University of California Santa Cruz > Internal Audit and advisory services >