Tue Jun 4 12:17:20 MDT 2013
Even worse, this virus can be spread to users who simply surf to a web page
servers, and this script launches a readme.eml file, which Internet Explorer
then opens and executes.
The code appended to infected web pages is:
window at X6000 Y6000, ie., way off your screen so you can't see it. A
quick, unproven workaround seems to be to associate .eml files with Notepad.
IE still opens the new window, however, and I'm not certain if this is
enough to infect.
Note that an infected web server will have a "readme.eml" file on the server
in root. That's a good way to check if your NT server is infected, I would
This server worm uses exploits that have had patches for some time now. If
you run Windows, you need to go to windowsupdate.com to make sure you are up
to date with patches.
More information about the LUG