Suspicious Emails inderectly leading to virus infection



According to The August 4th entry of the isc.sans.org handlers diary, there are some peculiar emails going around. They claim to be for an article claiming an explosion kills 140 in Iraq. It contains a link to a news article that has been altered from it’s original (140 instead of 14 for instance.) It also contains some nasty surprises for the visitor. There is an exploit that requires no user intervention, A cross-site scripting vulnerability (MS05-001) is exploited which runs ppp.hta from your hard drive, which creates a file called netlog.exe, which is launched by Media Player (??), which then retrieves a copy of win32sba.exe, which is the robobot backdoor.

Once the backdoor is on the system, of course, the system is “owned”. The email contains many mispellings apparently. It’s good to be suspicious of any unexpected emails you receive and be hesitant about clicking on links in emails from unusual sources.

Related Posts

Blog Traffic Exchange Related Posts
  • The virus arms race? is locking down systems the key? The securityfix has a post on the "dirty little secret" about antivirus. Eugene Kaspersky of Kaspersky antivirus has posted an introspective article on the antivirus industry and it's current problems. The biggest problem with antivirus is that it's always one step behind the virus writers. Antivirus software only can prevent......
  • Total Security Antivirus Removal Total Security Antivirus is another rogue security application that poses as legitimate antivirus software to dupe people into installing and then paying for it. It is related to Antivirus 360 and is perhaps the followup software from the same group. This particular pest is possibly installing itself onto systems by......
  • Another Massive ID theft ring It looks like Sunbelt has found ANOTHER massive Identity theft ring. They suspect it's a trojan from the Dumaru family that is contentedly logging the infromation and promise more details. They did get a hold of the trojan and passed it through virustotal to see what it was. Very FEW......
Blog Traffic Exchange Related Websites
  • Say Goodbye to "Article" Marketing, Slide Sharing Can Get You 100x More Traffic Anyday - Internet Marketing Strategies Slide sharing websites (just Google "slide sharing sites") post your written content in PDF, PowerPoint or some other visually appealing format, have mostly do-follow links (for those of you who believe that actually means anything of value to your internet marketing strategies, for SEO atleast ;)), have very high......
  • How To Benefit From The Article Twin Article Marketing Service. How to benefit from the Article Twin article marketing service. There is, probably, no need to talk more about the value of the article marketing. Organic back links can dramatically increase your web site popularity in search engines, and the article marketing can do the trick, using 100% “white hat”......
  • Here's What Email Marketing Can Do For You Have you been looking for ways to advertise your services or products on the internet which won't cost you a large amount of money? Is it really possible to achieve this? You can promote your business on the internet in numerous ways, allowing you to generate new leads and attract......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site