Bugtraq mailing list archives

Re: AIM Password theft

From: jelmer <jkuperus () planet nl>
Date: Wed, 24 Sep 2003 23:40:23 +0200


That would be my ado thingie There's a temporary fix over at

http://ip3e83566f.speed.planet.nl/hacked-by-chinese/5.htm

--jelmer

On Tuesday 23 September 2003 21:13, Brent Meshier wrote:

Mark,
      The code you just sent looks familiar to a SPAM I received
attempting to hijack users' e-gold accounts.  Out of curiosity I
followed that link which loaded start.html (attached).  What worries me
is that I'm running IE 6.0.2800.1106 with all the latest patches from
Microsoft and this page (start.html) rewrote wmplayer.exe on my local
drive without notice.  After closing the page, I found two .exe files on
my desktop (which loaded from http://doz.linux162.onway.net/eg/1.exe).
Is this a new unknown vulnerability?

Brent Meshier
Global Transport Logistics, Inc.
http://www.gtlogistics.com/
"Innovative Fulfillment Solutions"

-----Original Message-----
From: Mark Coleman [mailto:markc () uniontown com]
Sent: Tuesday, September 23, 2003 11:43 AM
To: bugtraq () securityfocus org
Subject: [Fwd: Re: AIM Password theft]

Hi, can anyone shed some light on this for me?  If this is new, its
going to spread like wildfire.  AOL or incidents lists have yet to
reply....  it appears to be a legitimate threat as I have at least one
user "infected" already..  Thank you..

-Mark Coleman

Current thread:

Re: AIM Password theft Brent Meshier (Sep 24)
- Re: AIM Password theft jelmer (Sep 24)
- Re: AIM Password theft Eric Joe (Sep 24)
- RE: AIM Password theft Drew Copley (Sep 24)
- <Possible follow-ups>
- Re: AIM Password theft http-equiv () excite com (Sep 24)