N
nutso fasst
http://secunia.com/advisories/12041
Someone in Russia is trying to take advantage of this. I received an HTML
email with header forged to appear to be from a known source. No malicious
attachments. The HTML included this element:
<object data="http://www.vikord.com/default.htm">
Unobfuscated, the URL is www.vikord.com/default.htm, a Russian domain. The
web page tries to run an active-x control. IF I had forwarded the message to
the forged recipient to show them their address was being spoofed and IF I
were using MS-WORD as email editor, the active-x control would have run
without warning and my system would probably be infected with something.
Is MS working to fix this issue?
Does anyone know how to find out what a malevolent web page is trying do
without getting whacked? Since the orginating IP of the email is in the USA,
I suspect it is a trojan purveyor.
nf
Someone in Russia is trying to take advantage of this. I received an HTML
email with header forged to appear to be from a known source. No malicious
attachments. The HTML included this element:
<object data="http://www.vikord.com/default.htm">
Unobfuscated, the URL is www.vikord.com/default.htm, a Russian domain. The
web page tries to run an active-x control. IF I had forwarded the message to
the forged recipient to show them their address was being spoofed and IF I
were using MS-WORD as email editor, the active-x control would have run
without warning and my system would probably be infected with something.
Is MS working to fix this issue?
Does anyone know how to find out what a malevolent web page is trying do
without getting whacked? Since the orginating IP of the email is in the USA,
I suspect it is a trojan purveyor.
nf