On Mon, Dec 30, 2002 at 06:00:43PM +0000, Alan Chandler wrote: | HTML Code follows here, showing the original message in an iframe and using | another iframe to hide an executable. That's the "nimbda" worm. It forges the From: header using an address randomly chosen from the infected machine's Windows address book. Naturally MS Outlook will render the HTML part of the message including the (non-standard) iframe tag. The iframe tag causes Outlook/Windows to execute the attached worm. The list server bounced your first message because only the nimbda worm uses an iframe tag in an email message. -D -- A)bort, R)etry, D)o it right this time http://dman.ddts.net/~dman/
Attachment:
pgpyMuw4fsfFv.pgp
Description: PGP signature