Suspicious Emails indirectly leading to virus infection



According to the August 4th entry of the isc.sans.org handlers diary, there are some peculiar emails going around. They claim to point to an article reporting that an explosion killed 140 in Iraq. The email contains a link to a news article that has been altered from its original (140 instead of 14, for instance). The linked page also contains some nasty surprises for the visitor. There is an exploit that requires no user intervention: a cross-site scripting vulnerability (MS05-001) is exploited to run ppp.hta from your hard drive, which creates a file called netlog.exe, which is launched by Media Player (??), which then retrieves a copy of win32sba.exe, which is the robobot backdoor.

Once the backdoor is on the system, of course, the system is “owned”. The email apparently contains many misspellings. It’s good to be suspicious of any unexpected emails you receive and to be hesitant about clicking on links in emails from unusual sources.
