funsec mailing list archives
Re: adobe exploit spam
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 05 May 2010 13:50:50 +1200
RandallM wrote:
Anyone see this type of email going around? This particular one was addressed by our President and aimed at our controller. Fortunately the controller was wise enough not to click. The links will dl a program but the headers of course are all giving to another address. The "dL box" shows from an IP rather than adobe.
The .EXE and .PDF you mention are now unavailable, but the (bogus) adobe.us.to domain still redirects to the actual hosting site -- a (presumably popped) trixbox at 91.184.204.20.

Despite the target .EXE being down (for now) you should file an abuse complaint with afraid.org, owners of us.to and who provide dynamic DNS and URL redirector services through that domain. With the "front" domain still up, the perps can trivially reconfigure the adobe.us.to redirector to their next compromised hosting box. Killing the adobe.us.to domain renders all yet-to-be-read messages they've sent worthless.

Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
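An added example, not part of the original messages: a mail-filter check in Python for the two link patterns this thread describes, a brand name used as a label under a shared dynamic-DNS zone and a download link that points at a bare IP. The zone list, brand list, official-domain list and sample message body are assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: zones that hand out free subdomains. us.to is the one named
# in the thread; a real filter would load a fuller, maintained list.
SHARED_ZONES = {"us.to"}
# Assumption: brands the filter watches and the domains they really use.
BRANDS = {"adobe"}
BRAND_DOMAINS = {"adobe.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def classify_host(host):
    """Return the reasons a link host looks suspicious (empty list if none)."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host.strip("[]"))
        return ["ip-literal"]          # link goes to a raw address, no name
    except ValueError:
        pass
    reasons = ["shared-zone:" + z for z in sorted(SHARED_ZONES)
               if host.endswith("." + z)]
    official = any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)
    if not official:
        for brand in sorted(BRANDS):
            if any(brand in label for label in host.split(".")):
                reasons.append("brand-outside-official-domain:" + brand)
    return reasons

def scan_message(body):
    """Map each suspicious URL in a message body to its list of reasons."""
    findings = {}
    for url in URL_RE.findall(body):
        reasons = classify_host(urlsplit(url).hostname or "")
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample body; 192.0.2.10 is a documentation address.
SAMPLE = """Please install the update: http://adobe.us.to/update
Mirror: http://192.0.2.10/files/update
Docs: https://www.adobe.com/support/
"""

if __name__ == "__main__":
    for url, why in scan_message(SAMPLE).items():
        print(url, why)
```

The check only inspects the link text in the message; following the redirector to see where it currently points is a separate step and should be done from an isolated analysis host.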