-----Original Message----- Here's an Unofficial ALERT from the ICSA Labs that's being reviewed this afternoon. May grow into a problem, we'll know in about 7 more hours. Larry ICSA LABS and TruSecure Summary: There is a probable new mass mailer circulating today which requires some attention. The file type is .hta. It appears that it contains a script which drops an exe. At this point, it's not clear if it's a mass mailer, or if it's simply being spammed around, but in any case, you want to stop it. Action required: Add .hta to the list of blockable file types at your email gateway. (Please note that .hta is in the master list of executable file types in the AVPG) And the "issues" Issue 1: WEBDAV worm Summary: There is some discussion about a WEBDAV worm being active today. Having looked at it we conclude that it is probably a script, and not a worm. WormCatcher is not seeing any extra activity on WEBDav probes, and little "unknown" stuff on port 80. If it is a worm, it's not being too successful. Please note that we at TruSecure continue to believe that vulnerable webDav/NTDLL systems will get "Wormed" at some point. Action required: None Issue 2: BlueMountain card worm (W32/Cult.C@mm) Summary: It purports to be an e-card from BlueMountain.com. The attachment is, however, a .pif file. Anyone blocking .pif files has little to fear. Action required: None (Provided you are blocking .pifs) ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm