18 Sep
2001
18 Sep
'01
5:52 p.m.
One of the spread methods has to do with retrieving a file called "readme.eml" from the infected web servers. Adding this to my Cisco HBAR code red config seems to at least keep my customers from becoming infected using that method. class-map match-any http-hacks .. code red stuff.. match protocol http url "*readme.eml" Can anyone confirm exactly what filenames the email spread version uses? -- Mike Jackson <mhjack@tscnet.com> Vice-President TSCNet, Inc. Phone: 360-308-0205 Fax: 360-698-7789 http://www.tscnet.com