Suspicious Emails indirectly leading to virus infection



According to the August 4th entry of the isc.sans.org handlers diary, there are some peculiar emails going around. They claim to be for an article claiming an explosion kills 140 in Iraq. The email contains a link to a news article that has been altered from its original (140 instead of 14, for instance). The linked page also contains some nasty surprises for the visitor: there is an exploit that requires no user intervention. A cross-site scripting vulnerability (MS05-001) is exploited to run ppp.hta from your hard drive, which creates a file called netlog.exe, which is launched by Media Player (??), which then retrieves a copy of win32sba.exe, which is the robobot backdoor.

Once the backdoor is on the system, of course, the system is “owned”. The email apparently contains many misspellings. It’s good to be suspicious of any unexpected emails you receive and to be hesitant about clicking on links in emails from unusual sources.
