Security Incidents mailing list archives
Re: Superkay.com:888
From: "sanghun" <mil21 () www hansecure com>
Date: Wed, 19 Sep 2001 11:52:47 +0900
It's a problem about DNS pollution. If you use W2K, check these settings:

http://www.microsoft.com/windows2000/en/datacenter/help/default.asp?url=/WINDOWS2000/en/datacenter/help/sag_DNS_pro_SecureCachePollutedNames.htm

Other vendor products need checking for DNS pollution!!

----- Original Message -----
From: "Richard Bradford" <rbradford () vendaregroup com>
To: <incidents () securityfocus com>
Sent: Wednesday, September 19, 2001 8:44 AM
Subject: Superkay.com:888

Anyone see this come up just a while ago on the Oracle home page? (www.oracle.com) and www.cnn.com had the same problem. It appeared to redirect me to the superkay.com:888 page. But nothing else. I checked the source of this culprit page and there was nothing special about it. I've included a screen shot of this redirected web page.

rdb

-----Original Message-----
From: Bernie Cosell [mailto:bernie () fantasyfarm com]
Sent: Tuesday, September 18, 2001 1:13 PM
To: incidents () securityfocus com
Subject: Re: New "concept" virus/worm?

On 18 Sep 2001, at 14:01, Jim Olsen wrote:

> This is a cumulation of the information i've found on W32.nimda thus far:
>
> W32.nimda is NOT a code red variant, and the people who are referring to it as
> "Code Blue" were mistaken...
> [...]
> EVERYONE who uses internet explorer to browse the internet should probably do
> one of two things to stop from being automatically infected by W32.nimda (i
> have not tested whether or not turning off javascript fixes the problem):
> o) don't browse web pages until microsoft releases a patch
> o) turn OFF javascript

I was under the impression that the vulnerability that nimda exploits was known and has been patched (in May)

<http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q290108>
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-020.asp>

> EVERYONE who uses outlook/outlook express should, at the very least, not open
> any attachments that they are not expecting.

THIS recommendation has nothing to do with nimda -- anyone who hasn't gotten *THIS* message yet is hopeless... Taking the opportunity to restate it here is OK, I guess, since a lot of folk just WONT get the message..

> Turning off auto-preview might be a good idea as well.

Why?

/bernie\

--
Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie () fantasyfarm com     Pearisburg, VA
    -->  Too many people, too few sheep  <--

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
--------------------------------------------------------------------------------
Current thread:
- Superkay.com:888 Richard Bradford (Sep 18)
- Re: Superkay.com:888 sanghun (Sep 18)
- <Possible follow-ups>
- RE: Superkay.com:888 Dave Hart (Sep 18)