New MiMail variant is DDoS'ing SCO.com

Grok Headline matches for New MiMail variant is DDoS'ing SCO.com

Re: New MiMail variant is DDoS'ing
SCO.com

Re: New MiMail variant is DDoS'ing
SCO.com 01/28/2004 03:36 PM
Bob Toxen (Jan 27 2004)

Destructive MiMail variant hits web

Destructive MiMail variant hits web 11/03/2003 10:05 AM
vnunet.com Nov 3 2003 8:50AM ET

Mimail variant attacks anti-spam sites.
Again

Mimail variant attacks anti-spam sites.
Again 12/02/2003 11:01 AM
This time it's war

Mimail.C

Mimail.C 10/31/2003 12:49 PM
Alan (Oct 31 2003)

New Mimail worm wants your money

New Mimail worm wants your money 11/15/2003 01:09 AM
Sunday Times South Africa Nov 15 2003 0:12AM ET

Mimail-M sent through home computers

Mimail-M sent through home computers 12/04/2003 12:00 PM
PC Pro Dec 4 2003 10:44AM ET

MiMail.c prevention and cure

MiMail.c prevention and cure 10/31/2003 07:25 PM
The worm also carries a denial-of-service attack payload. MiMail tests Internet connectivity by attempting to contact the Google Web site. ...

PayPal targeted again by Mimail mutant

PayPal targeted again by Mimail mutant 11/18/2003 11:34 AM
ZDNet Nov 18 2003 10:23AM ET

Re: Mimail.C (Denial of Service Attack)

Re: Mimail.C (Denial of Service Attack) 10/31/2003 08:29 PM
K-OTiK Security (Oct 31 2003)

MiMail.I worm warnings upgraded

MiMail.I worm warnings upgraded 11/17/2003 09:13 AM
Personal Computer World Nov 17 2003 8:24AM ET

More MiMail Worms Spotted, Others On The
Way (TechWeb)

More MiMail Worms Spotted, Others On The
Way (TechWeb) 01/17/2004 10:46 PM

Mimail Family Overruns List of Top
Viruses

Mimail Family Overruns List of Top
Viruses 12/04/2003 05:57 PM
Internet.com Dec 4 2003 4:15PM ET

New MiMail Worm Belittles President Bush

New MiMail Worm Belittles President Bush 01/08/2004 08:27 PM

PayPal scam tries to jumpstart new
Mimail worm

PayPal scam tries to jumpstart new
Mimail worm 01/16/2004 10:58 AM
After releasing a new version of the Mimail e-mail worm last week, virus authors are using a new tool this week to help it spread: spam e-mail containing a Trojan horse program that, once installed, retrieves and installs the worm.

ADVERTISEMENT:

Get strong 128-bit SSL security for your online business - To secure your servers with 128-bit SSL encryption, download a copy of the free VeriSign Guide, "Securing Your Web site for Business." You'll learn everything you need to know about encrypting e-commerce transactions, securing corporate intranets, and authenticating your Web site.

Mimail mutant targets PayPal users

Mimail mutant targets PayPal users 11/18/2003 03:17 PM
CNET Nov 18 2003 2:38PM ET

Mimail-C worm poses as sexy photos

Mimail-C worm poses as sexy photos 11/03/2003 05:28 AM
Anti-spam DDoS variant

MiMail worm uses ZIP files to rampage
across corporations

MiMail worm uses ZIP files to rampage
across corporations 11/01/2003 06:21 AM

New Mimail mixes tricks for PayPal scam

New Mimail mixes tricks for PayPal scam 01/18/2004 11:32 PM
CNET Asia Jan 19 2004 3:48AM GMT

PayPal users targeted by latest Mimail
mutant

PayPal users targeted by latest Mimail
mutant 11/18/2003 11:20 PM
CNET Asia Nov 18 2003 10:21PM ET

MiMail Virus Attacking Anti-Spam Groups

MiMail Virus Attacking Anti-Spam Groups 12/04/2003 02:30 PM
The latest mutant has been programmed to launch a denial-of-service attack on anti-spam groups like the Spamhaus Project and SpamCops.

Mimail worm variants attack antispam
sites

Mimail worm variants attack antispam
sites 11/04/2003 07:35 AM
Computer Weekly Nov 4 2003 6:40AM ET

Mimail variants spreading, target
antispam sites

Mimail variants spreading, target
antispam sites 11/03/2003 06:00 PM
The worm variations, dubbed Mimail.E, Mimail.F and Mimail.H, use e-mail messages taken from the hard drives of infected computers to spread.

New MyDoom variant

New MyDoom variant 08/04/2004 03:24 PM
albatross_at_tim.it (Aug 04 2004)

Re: New MyDoom variant

Re: New MyDoom variant 08/04/2004 03:24 PM
Paul Kurczaba (Aug 04 2004)

New Bagle variant seen in the wild

New Bagle variant seen in the wild 07/16/2004 10:22 AM
Antivirus software companies late Thursday and early Friday began warning e-mail users that the persistent Bagle virus has re-emerged in a new version, Bagle.AF or Beagle.AB.

RE: Registry Fix For Variant of Scob

RE: Registry Fix For Variant of Scob 07/05/2004 02:38 PM
Thor Larholm (Jul 03 2004)

Another New Bagle Variant Spreads

Another New Bagle Variant Spreads 07/17/2004 06:27 AM
Techzonez Jul 17 2004 11:10AM GMT

New Sasser variant indicates copycat

New Sasser variant indicates copycat 05/12/2004 11:16 AM
The worm reappears as Sasser.F, even after the arrest of a teenager suspected of writing the original.

Scob variant using IIS 6.0 or just
upgrades ?

Scob variant using IIS 6.0 or just
upgrades ? 07/07/2004 05:53 PM
Hubbard, Dan (Jul 07 2004)

Registry Fix For Variant of Scob

Registry Fix For Variant of Scob 07/03/2004 11:49 AM
Drew Copley (Jul 02 2004)

Price not right on Bagle variant

Price not right on Bagle variant 08/09/2004 05:06 PM
New version of worm floods e-mail in-boxes with bogus price quote messages.

Price isn't right for new Bagle variant

Price isn't right for new Bagle variant 08/10/2004 05:37 AM
Worm du jour

New Code Red variant reported

New Code Red variant reported 03/13/2003 10:16 AM
Antivirus vendors rated CodeRed.F a low risk, saying that it exploits an IIS vulnerability that many systems administrators have long since patched.

Another Bagle variant tries to spread

Another Bagle variant tries to spread 09/01/2004 03:38 PM
New version turns off security and attempts to download malicious programs from the Net--but it's not likely to get far.

Sasser variant suggests copycat

Sasser variant suggests copycat 05/12/2004 09:38 PM
Sympatico May 13 2004 1:07AM GMT

plinks - a purple numbers variant

plinks - a purple numbers variant 05/30/2004 02:54 AM

Via Tim Bray, I came across the concept of Purple Numbers. In a nutshell these are permalinks attached to every paragraph on a page which, to paraphrase Tim, make every paragraph on a page a first-class Web citizen.

That's a very worthy concept, but the implementations I've seen have so far failed to inspire me. First of all, while the ability to link to any paragraph on a page is useful, the links themselves are either ugly, distracting or both. While reading Tim's entry I found myself mentally pausing after each paragraph: probably because I'm used to the purple # marks on Scripting News and other such sites designating the end of an entry. They're also extra cruft in my markup.

So, my ideal purple numbers implementation would minimise markup pollution and visual clutter.

Another issue with purple numbers is permanency: they're absolutely no good if they don't stay as true permalinks. This rules out naively generating them on the fly when a page is outputted as future edits to an article could result in links targetting different paragraphs entirely. Instead, the links (in the form of id attributes on paragraph tags) need to be assigned when the content is created. If additional paragraphs are later added to the content they should be numbered in such a way as not to intefere with the original paragraph links, which I shall call plinks for the sake of brevity.

We'll ignore the issue of visual clutter for the moment: let's look instead at how plinks can be introduced without polluting the markup of my pages. While the IDs that form the target of the links are a critical part of the structure of the page, the actual links are something of a convenience for people who don't want to dig through my source code looking for IDs and are unaware of the various bookmarklets that can reveal them (such as Jesse Ruderman's named anchors). As such, I don't see the links as a critical part of the page content, so I have no qualms whatsoever about appending them to the page using JavaScript after the page has loaded. Here's the function I'm using:

function addpLinks() {
  var paras = document.getElementsByTagName('p');
  for (var i = 0; i < paras.length; i++) {
    var current = paras[i];
    if (/^p-/.test(current.id)) {
      // It's a purple link paragraph
      var plink = document.createElement('a');
      plink.href = document.location.href.split('#')[0] + 
        '#' + current.id;
      plink.className = 'plink';
      plink.appendChild(document.createTextNode(' #'));
      current.appendChild(plink);
    }
  }
}

The function iterates over every paragraph on the page looking for paragraphs with an id that starts with "p-", my chosen format for plink IDs. When it finds one, it creates a new link using the DOM and assigns it an href attribute which is the base URL of the current page (not including any existing fragment identifier) with a # and the paragraph's ID appended on the end.

My plinks all have a class of "plink", which allows me to style them. This is where I can reduce the visual clutter on the page as much as possible. Consider the following:

p a.plink {
  text-decoration: none;
  color: #c8a8ff;
  display: none;
}
p:hover a.plink {
  display: inline;
}

In an ideal world this would make the links invisible until the mouse cursor was positioned over the containing paragraph. Unfortunately, IE for Windows only honors the :hover pseudo-selector when it is applied to links. I'd like IE users to have at least a chance of discovering my plinks, so I came up with this:

p a.plink {
  text-decoration: none;
  color: #fff; /* the page background colour */
}
p:hover a.plink, p a:hover.plink {
  color: #c8a8ff;
}

The plinks are initially invisible by virtue of having the same colour as the page background. In browsers that support :hover on paragraphs, they become visible (by changing colour) when the mouse hovers over the paragraph. In browsers that only support :hover on links, they become visible when the mouse hovers over the links. Sure, they're a lot harder to find but I see it as an easter egg for IE users. Another example of MOSe in action.

There are a couple of more pieces to the puzzle. Firstly, adding all of those IDs to those paragraph tags is the kind of task that humans avoid and computers thrive on. Now I could automate this in my CMS, but I'm not in the mood for PHP at the moment so I've automated it in a bookmarklet instead: Add plink IDs (drag to your bookmarks). The bookmarklet will look inside any textareas on the current page and add an ID to every paragraph, provided it's a simple <p>. It's something of a quick hack but it does the job. Here's the bookmarklet code expanded to show how it works:

javascript:(function() {
  var tas = document.getElementsByTagName('textarea');
  for (var i = 0; i < tas.length; i++) {
    var ta = tas[i];
    var text = ta.value.replace('<p>', function() {
      if (typeof arguments.callee.counter == 'undefined') {
        arguments.callee.counter = 0;
      }
      return '<p id="p-'+arguments.callee.counter++ +'">';
    });
    ta.value = text;
  }
})();

Incidentally, the above uses a technique I picked up today while flicking through David Flanagan's eternally useful JavaScript: The Definitive Guide. Inside a JavaScript function a special object called arguments is available. The object has a property called callee which refers to the function itself, even if as above it's an anonymous function. Since functions are objects they can have properties: in this case, I create a counter property and use it to keep track of the IDs as I assign them. The whole lot is contained within a function argument to a replace call, where the function is called every time a <p> is found to determine what to replace it with.

At this point I had everything I needed, but then inspiration struck: how about a method of highlighting a paragraph if a user should visit a page using a link that targetted it? Suporting this meant adding yet another function to be executed once the page had loaded:

function plinkHighlight() {
  if (/#p-/.test(document.location)) {
    // The user arrived via a plink
    var plink_id = document.location.split('#')[1];
    var para = document.getElementById(plink_id);
    para.className = para.className + ' plinkHighlight';
  }
}

A custom style for the highlighted paragraph can now be defined using the plinkHighlight class hook.

I've now implemented all of the above on this site (mostly in the file plinks.js) although currently this is the only entry that contains plink IDs. Best of all, I didn't have to touch a single line of my CMS! This JavaScript thing could really catch on some day.

New MyDoom Variant Targets Symantec

New MyDoom Variant Targets Symantec 09/17/2004 02:18 PM
theWHIR Sep 17 2004 6:33PM GMT

New Sober variant creating trouble

New Sober variant creating trouble 04/19/2005 11:15 AM
TechWorld Apr 19 2005 3:05PM GMT

Infected PCs spew MyDoom variant

Infected PCs spew MyDoom variant 08/16/2004 12:07 PM
Business as usual
Grok Description matches for New MiMail variant is DDoS'ing SCO.com
GrokA matches for New MiMail variant is DDoS'ing SCO.com

New MiMail variant is DDoS'ing SCO.com

The following phrases have been identified by the grok system as matching this entry: