[THIN] FW: Block .hta file extensions ALERT

  • From: "Nail, Larry" <lnail@xxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>,"Windows2000 (windows2000@xxxxxxxxxxxxx)" <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 9 May 2003 15:45:06 -0500


-----Original Message-----
Here's an Unofficial ALERT from the ICSA Labs that's being reviewed this
afternoon.  May grow into a problem, we'll know in about 7 more hours.
Larry
ICSA LABS and TruSecure 

Summary:

There is a probable new mass mailer circulating today which requires some
attention. The file type is .hta. It appears that it contains a script which
drops an exe. At this point, it's not clear if it's a mass mailer, or if
it's simply being spammed around, but in any case, you want to stop it.

Action required:

Add .hta to the list of blockable file types at your email gateway. (Please
note that .hta is in the master list of executable file types in the AVPG)

And the "issues"

Issue 1: WebDAV worm

Summary:

There is some discussion about a WebDAV worm being active today. Having
looked at it, we conclude that it is probably a script, and not a worm.
WormCatcher is not seeing any extra activity on WebDAV probes, and little
"unknown" stuff on port 80. If it is a worm, it's not being too successful.
Please note that we at TruSecure continue to believe that vulnerable
WebDAV/NTDLL systems will get "Wormed" at some point.

Action required: None

Issue 2: BlueMountain card worm (W32/Cult.C@mm)

Summary:

It purports to be an e-card from BlueMountain.com. The attachment is,
however, a .pif file. Anyone blocking .pif files has little to fear.

Action required: None (Provided you are blocking .pifs)
