Date: Fri, 5 Mar 1999 11:30:56 -0000 From: Mat Newman To: "'packetstorm@genocide2600.com'" Subject: Exchange server web access You may have heard about this but... If someone is accessing Exchange server via the web then you can embed javascript into the email to get it to delete the contents of the users inbox. If they're not using the web but just ordinary Outlook then you can still do things like open up 10,000 browser windows etc. - useful for spammers!) The simplest way to do this if you're using exchange is to put the js into your signature (it's not in the one below!) as follows: (in winnt\profiles\user\Application Data\Microsoft\Shared\Signatures)

!!!CAUTION VIRUS VERSION!!!

Mat Newman
Alpha-Numeric Developments Limited