|
Kapil Sethi
System Administrator BharatConnect Ltd. Ph: 011-6430987 ----- Original Message -----
From: Amit
Sehgal
To: Kapil Sethi
Sent: Friday, February 15, 2002 10:07 AM
Subject: Alert Dear Kapil,
Pls. read this......the
problem u were facing yesterday......
MSN Messenger users
are coming under attack, just days after the announcement of a new vulnerability
launched via JavaScript. Users should be particularly aware of any
Valentine-related messages, as this exploit code has become widely available on
yesterday and today, Valentine's Day. New malicious code, called
JS/Exploit-Messenger by Network Associates Inc., obtains e-mails from MSN
Messenger to perform a mass-messaging routine (ID# 107553, Feb. 14, 2002).
Recipients receive a simple message in MSN Messenger, prompting them to visit a
website with malicious JavaScript. The original vulnerability was an attempt to
collect information regarding users visiting a website. Upon visiting a website,
JavaScript collected information from computers with MSN Messenger active in
memory, such as e-mail addresses and display names. The exploit code remains
available for downloading from the underground as of 10:05 GMT on Feb. 14. As a
result, multiple variations of this new JavaScript exploit are quickly emerging
in the wild. Users should be wary of visiting any unknown website referred to
them via MSN Messenger, claiming to carry a Valentine's Day message (12:50 GMT
Feb. 14, 2002).
Regards,
Amit Sehgal
Manager-Corporate Marketing Bharat Connect Limited F-13, Kailash Colony, New Delhi-110 048. Tel: +91-11-6430987 Fax: +91-11-6483815 www.bharatconnect.com |
