Re: WIERD
- From:
- Date: Thu, 20 Jan 2005 14:05:34 -0500
> A: Sounds like the same "take over" virus that has hit a LOT of Unix-based
> website servers over the past few months. EXPL_DHTML.gen is its name and it
> downloads itself to steal passwords and credit card numbers. I found no less
> than 25 attempted drops of this peckerwood in my XP machine from people my
> wife gets email from. (it actually hides in the HTML of an email and isn't
> an attachment) I finally tracked it down to www.smartbargains(1).com cookies
> in all their machines.
EXPL_DHTML is not a virus, it's a trojan horse. It does not spread
through email like virii that infect Windoze boxes, and if it did, it
wouldn't affect Unix web servers. That's not how Unix works. The
EXPL_DHTML.A proof-of-concept had to be installed intentionally by
the admin of a malicious web site. The EXPL_DHTML.gen has never been
seen in the wild, and checks for it have produced a LOT of false positives,
according to Trend Micro. TM has since removed this definition from their
dictionary because it was causing too many problems. Your wife should
update her virus definitions.
And yes, the server misconfiguration has become very annoying.
ObAMCContent: Like Greg, I also want to install the TFI upgrade soon
on my '77 Wag's 401. I'm only getting about 7.5 mpg lately. It needs
attention. I'm glad it's not my daily driver.
-- Obi-Wan
'95.5 YJ, '77 Wag, '78 Wag, '87 GW
--
Ben "Obi-Wan" Hollingsworth obiwan@xxxxxxxx
The stuff of earth competes for the allegiance I owe only to the
Giver of all good things, so if I stand, let me stand on the
promise that You will pull me through. -- Rich Mullins