Originally posted by Yeeeeeeha
well, kick ass for me.
Now if anyone could answer this. I have a hardware firewall. It's a Linksys router. Not sure the model number. Is this a piece of crap for letting this through or should I just double check my security settings?
-Y
There is only one way they got in....
--------
when you went to some site which was infected...and there are still a few out there... the site automatically uploads the file to you.
So the first thing you should check ... is where were they...????
--------
the nimda code (nimba is some elephant name) places a javascript on all pages of infected servers....
the javascript opens the download window at 6000X6000 on the user's screen. however on the mac, I had gotten a few windows that were very small at the bottom of the screen.... if you also noticed that Internet exploder was crashing a bit this might have been one of the reasons.
-------------
anyway, the .eml files may just sit on your disk, but they were designed to run automatically on windows machines.
------
also, Exploder thoughtfully renames each and every one so you keep getting them...
in cases where the file would ask to be downloaded, it would say:
Do you want to read the "README" file???
naturally, you might say yes...if the site is one which you want to get information from.
I saw the suckers coming into my log files back when it first appeared in Sept. One of the first sites on the list was a Children's center information site run by the Japanese government.
I sent them a Fax, and the site was gone the next day...
-----------
in short your security is alright...until some d00d ports the suckers to MacOSX by finding a security flaw.
----------
At the moment, if you were "lucky" and running windows, you can get a free keystroke logger which also installs a backdoor so the hackers (or is it the FBI???) can grab your critical passwords, PGP keys and credit card numbers.
(badtrans.A?B)
------------
Happy computing...
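For anyone who runs a web server and wants to check their own pages for the kind of injected script the reply above describes, here is an added example (not part of the original posts) that flags `window.open` calls which load a `.eml` file or place the window at extreme coordinates. The sample pages, the file name `readme.eml`, and the 4000-pixel threshold are assumptions constructed for illustration.

```python
import re

# Any window.open(...) call; arguments are captured as raw text.
CALL = re.compile(r"window\.open\s*\((?P<args>[^)]*)\)", re.IGNORECASE)
QUOTED = re.compile(r"""(['"])(.*?)\1""")
GEOMETRY = re.compile(r"\b(top|left|width|height)\s*=\s*(\d+)", re.IGNORECASE)
OFFSCREEN = 4000  # assumed threshold: no legitimate popup sits this far out

def scan_html(html):
    """Return one finding per suspicious window.open call in an HTML page."""
    findings = []
    for m in CALL.finditer(html):
        strings = [text for _, text in QUOTED.findall(m.group("args"))]
        if not strings:
            continue
        url = strings[0]
        features = strings[-1] if len(strings) > 1 else ""
        reasons = []
        # Mail message files have no business being opened by a web page.
        if url.lower().split("?")[0].endswith(".eml"):
            reasons.append("opens a .eml file")
        extreme = [f"{k.lower()}={v}" for k, v in GEOMETRY.findall(features)
                   if int(v) >= OFFSCREEN]
        if extreme:
            reasons.append("extreme geometry: " + ",".join(extreme))
        if reasons:
            line = html.count("\n", 0, m.start()) + 1
            findings.append({"line": line, "url": url, "reasons": reasons})
    return findings

# Constructed sample: a script appended after the page body, as described above.
SAMPLE_INFECTED = """<html><body>
<p>Welcome</p>
</body></html>
<script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
"""

# Constructed sample: an ordinary help popup that must not be flagged.
SAMPLE_CLEAN = """<html><body>
<a href="#" onclick="window.open('help.html', 'help', 'width=400,height=300')">Help</a>
</body></html>
"""

if __name__ == "__main__":
    for name, page in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, scan_html(page))
```

Run it over every served file, not just the home page, since the reply says the script is placed on all pages of an infected server.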