funsec mailing list archives

Re: verification


From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 21 Jan 2009 14:25:57 -0500

So not very sneaky, as you get a conventional download box. I'm
not really a malwarey type person, but the install for dlsgd3.com
doesn't look fluffy. It just seems to try social engineering, by
trying to look like an official MS message, so not much of a threat!

It's just that it is infecting a whole shitload of people right now...
People, unfortunately, are falling for it. 




-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of David Lodge
Sent: Wednesday, January 21, 2009 12:59 PM
To: RandallM; funsec
Subject: Re: [funsec] verification

On Wed, 21 Jan 2009 03:08:06 -0000, RandallM <randallm () fidmail com>
wrote:
While sitting on a myspace page it changes to:

a warning about :http://sg11scanner.com/sg1/1/10219 (which was in the
address bar). If I clicked on "why..." it took me to:
(http://www.facebook.com/photo.php?pid=30252739&l=95d86&id=1274153615)


http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://sg11scanner.com/sg1/1/10219
(http://www.facebook.com/photo.php?pid=30252742&l=a136d&id=1274153615)

If I clicked on the "ignore" I got taken to the site that was:
http://www.facebook.com/photo.php?pid=30252743&l=56a2d&id=1274153615

Anyone brave tonight. I'm going to bed not feeling like playing.

Wget on Linux is the easy way ;-)

It's a fake up page to make it look like you have an infection. The
"magic" for downloading on the page itself is:

     function doStartDownload() {
       window.location="http://dlsgd3.com/spygd08/install.php?track_id=10219";
       return;
     }
     <div class="errors_d"><a onclick="javascript:doStartDownload();return false;" href="#"><img src="/images/sg1/error_detected.gif" alt="" /></a></div>

So not very sneaky, as you get a conventional download box. I'm not
really a malwarey type person, but the install for dlsgd3.com doesn't look
fluffy. It just seems to try social engineering, by trying to look like an
official MS message, so not much of a threat!

dave
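As an added illustration (not code from the thread), here is a small heuristic a defender could run over a fetched page to flag the pattern Dave describes: an onclick handler whose function sets window.location to a host other than the page's own. The HTML below is a constructed sample modelled on the quoted snippet; the page URL and function names are taken from the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the snippet quoted in the thread (not a live fetch).
PAGE_URL = "http://sg11scanner.com/sg1/1/10219"
SAMPLE_HTML = """
<script>
function doStartDownload() {
  window.location="http://dlsgd3.com/spygd08/install.php?track_id=10219";
  return;
}
</script>
<div class="errors_d"><a onclick="javascript:doStartDownload();return false;" href="#">
<img src="/images/sg1/error_detected.gif" alt="" /></a></div>
"""

# window.location = "..." or window.location.href = "..."
LOCATION_RE = re.compile(r'window\.location(?:\.href)?\s*=\s*["\']([^"\']+)["\']')
# function name(...) { body }   (flat functions only, which is all this heuristic needs)
FUNC_RE = re.compile(r'function\s+(\w+)\s*\([^)]*\)\s*\{(.*?)\}', re.S)

class OnclickCollector(HTMLParser):
    """Collects onclick attribute values and inline <script> bodies."""
    def __init__(self):
        super().__init__()
        self.onclicks, self.scripts, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            if name == "onclick" and value:
                self.onclicks.append(value)
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def find_offsite_redirects(html, page_url):
    """Return (function_name, target_url) for every onclick handler that calls a
    script function which redirects window.location to a different host."""
    p = OnclickCollector()
    p.feed(html)
    funcs = {name: body for s in p.scripts for name, body in FUNC_RE.findall(s)}
    page_host = urlparse(page_url).hostname
    hits = []
    for handler in p.onclicks:
        for name in re.findall(r'(\w+)\s*\(', handler):      # functions the handler calls
            for target in LOCATION_RE.findall(funcs.get(name, "")):
                if urlparse(target).hostname not in (None, page_host):  # relative or same host is fine
                    hits.append((name, target))
    return hits
```

Same-host and relative redirects are ignored on purpose; only the off-site "download" hop that the thread's snippet performs is reported.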

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

