Security Incidents mailing list archives

[klmtfs () pridemail com: Your Online Greeting Awaits You!]


From: diphen () agitation net
Date: Sun, 12 Aug 2001 02:05:08 -0700

Has anyone run across this before? It showed up in one of my other email
accounts this evening. When you go to the site it displays a message
about 'Image Browser Not Supported'. What this links to is a file called
american.exe. It appears to be a Win32 binary containing some sort of
file archive. Unfortunately I don't have good facilities (or expertise,
really) for figuring out what this thing does. If anyone with more
Windows expertise wants to take a look, you can grab the file from the
site, or I can forward a copy. I'm guessing it's some sort of trojan.

(The reason this makes me suspicious is that the rest of the site appears
to be entirely bogus. The first supplied URL is www.greetingcardsusa.cc,
but all the links from the page go to americangreetingz.net, which
doesn't resolve. Also, the american.exe link is just an IP. It
reverse-resolves to paypalgreen.com, which also looks rather weird.)

Thanks.

-gabe

----- Forwarded message from klmtfs () pridemail com -----

Delivered-To: diphen () agitation net
Resent-Message-Id: <200108120841.f7C8fB116856 () sonic net>
X-envelope-info: <KLMTFS1 () lycos com>
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
From: klmtfs () pridemail com
To: chagrus () techpointer com
Date: Sun, 12 Aug 2001 04:26:42 -0800
Subject: Your Online Greeting Awaits You!
X-OriginalArrivalTime: 12 Aug 2001 08:14:07.0296 (UTC) FILETIME=[C1E65C00:01C12306]

Hello!  We're writing to let you know that someone has sent you a greeting. 

To pick up your greeting, simply click on this link: 
http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y 

If your e-mail program doesn't recognize the above address as a link, just 
copy and paste the address into your web browser's "address" window. 

We hope you enjoy your greeting. If you have any questions feel free to email 
us at the address below. 

Thanks! 

James Cordman 
james () GreetingCardsUSA cc 
GreetingCardsUSA.cc 
Know one knows Greetings Like American Greetingz! 

----- End forwarded message -----
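
The static checks described in the report above (links leaving the advertised site, a download served from a bare IP, an executable behind a greeting page, and the oddly formed pickup URL) can be scripted without fetching anything. This is an added example, not part of the original post; the page HTML is constructed, 192.0.2.10 is a documentation placeholder for the unlisted IP, and the function and flag names are hypothetical. DNS resolution is left out so the script runs offline.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

EXEC_EXT = (".exe", ".scr", ".pif", ".bat")

def site(host):
    # Crude "same site" key: last two labels (assumption; no public-suffix list).
    return ".".join(host.lower().split(".")[-2:])

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(landing_url, html):
    """Return sorted (flag, url) findings for one landing page."""
    land, findings = urlsplit(landing_url), set()
    if land.path == "" and "?" in land.query:  # query glued onto host, second '?'
        findings.add(("odd-lure-url", landing_url))
    parser = Links()
    parser.feed(html)
    for href in parser.hrefs:
        url = urljoin(landing_url, href)
        u = urlsplit(url)
        host = u.hostname or ""
        if is_ip(host):
            findings.add(("ip-literal-host", url))
        elif site(host) != site(land.hostname or ""):
            findings.add(("off-site-link", url))
        if u.path.lower().endswith(EXEC_EXT):
            findings.add(("executable-download", url))
    return sorted(findings)

# Constructed sample: 192.0.2.10 is a documentation placeholder, not the real IP.
SAMPLE_URL = "http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y"
SAMPLE_HTML = ('<p>Image Browser Not Supported</p>'
               '<a href="http://192.0.2.10/american.exe">here</a>'
               '<a href="http://americangreetingz.net/">Home</a>')
print(triage(SAMPLE_URL, SAMPLE_HTML))
```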
