Full Disclosure mailing list archives

Re: [funsec] nasty infection from following link if anyone is interested


From: David Alanis <canito () dalan us>
Date: Thu, 26 Nov 2009 03:59:41 -0600

Dragos Ruiu wrote:
Haha, and then you included his clickable link in your message inclusion.
Tsk, Tsk. <chuckle>

cheers,
--dr

On 25-Nov-09, at 12:16 PM, Juha-Matti Laurio wrote:

  
Your modifications don't prevent your link from being clickable in all mail clients.
Please use methods
http : // and/or
archive1329101302 , heddasq

next time...

Juha-Matti

RandallM [randallm () fidmail com] kirjoitti:
    
One of my sales people fell for a "someone posted a picture of you" email.

Got a real nasty that came with, according to Malwarebytes, "Pawnd.bot and Backdoor.bot".
Haven't checked it out yet but thought I would share it.


The link is this:
(REMOVETHISFIRST http: // archive1329101302 , heddasq,eu/photo- 
hosting/)

-- 
been great, thanks
a.k.a System
      
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada March 22-26  http://cansecwest.com
Amsterdam, Netherlands June 16/17 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp







  
I don't understand what is so funny about that or where you find the
humor in knowing some less intuitive user at your company can cause a
lot of damage to your network!?!?!

Randall is simply sharing the information he's gathered.

Here is the one message I received from an offshore colleague through my
Facebook account. Note that I no longer have a Facebook account (mostly
because it's a security risk), and I suggested they follow some
type of incident management plan with her machine.
--------------------
Hey, some jerk has posted your pictures (u understand what kind of
pictures are there) and sent a link of them to all ur friends. I have
already replied back. Said, that he is an indiot. See the link:
http://ehuvinuru.digitalzones.com/fozogaly.html
Take care........ 
--------------------

That link took me to some server out in Brazil and it wanted me to
install some type of flash player... I didn't really have the time to
look into it just to see what it would do and where it would take me so
if this is your cup of tea, have at it.

Cheers,
SDA
