Wednesday, 11 December 2002

Me, an' me ol' pal Mark, are having a problem with a weird virus/Trojan. It seems to take an email from the sender, add the Trojan, and repeatedly send it by making the server think that it has not been sent ---- got it?

This is the message I get when BT traps the virus. (Good service eh?)
This message has been processed by BTopenworld Email Protection Service powered by Brightmail(TM) Anti-Virus using Symantec's Norton AntiVirus Technology. The file attached to this message was found to contain the malicious virus JS.Exception.Exploit and has been removed by BT Openworld Email Protection Service powered by Symantec."

And here is what McAfee (good trapping?) found (See here) The file wbkb354.tmp is not on my HD.

JS.Exception.Exploit is an exploit that allows Java applets to run arbitrary code on unpatched versions of Microsoft Internet Explorer. In many cases, the applet may perform simple actions, such as changing your Internet Explorer home page. However, it can also be programmed perform actions such as a mass mailing, as in the case of VBS.Loding.A@mm, or to create file on your computer that perform almost any malicious action.