Educause Security Discussion mailing list archives
malware in images
From: Doug Pearson <dodpears () INDIANA EDU>
Date: Wed, 23 Jun 2004 22:32:51 -0500
There's *early* report of lots of sites infected with images that contain malware. The Javascript appended to the images reaches back to "http: // 217.107.218.147/ dot.php" to get the next dose of malware. The embedded spaces in the URL are mine to prevent accidental launches. I'm running a current Symantec AV on my desktop. SAV catches what's at the URL as: Scan type: Realtime Protection Scan Event: Virus Found! Virus name: Download.Ject File: [obfuscated by Doug P]new[1].htm [and so forth...] Sites may wish to apply local network filters to block 217.107.218.147! Regards, Doug Pearson Research and Education Networking ISAC http://www.ren-isac.net Watch Desk 24x7: +1(317)278-6630 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- malware in images Doug Pearson (Jun 23)
- <Possible follow-ups>
- Re: malware in images Doug Pearson (Jun 24)
- Re: malware in images Kathy Bergsma (Jun 24)
- Re: malware in images Brian Eckman (Jun 24)
- Re: malware in images Jordan Wiens (Jun 24)
- Re: malware in images Jeff Kell (Jun 24)