funsec mailing list archives

Fwd: US-CERT Current Activity - Malicious Email Campaign Circulating


From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 10 Sep 2010 01:47:57 -0400

I'm not sure which is least interesting..... the fact that malware is
being vectored through email, or that a PDF is involved in an exploit.

---------- Forwarded message ----------
From: Current Activity <us-cert () us-cert gov>
Date: Thu, Sep 9, 2010 at 8:58 PM
Subject: US-CERT Current Activity - Malicious Email Campaign Circulating
To: Current Activity <current-activity () us-cert gov>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Malicious Email Campaign Circulating

Original release date: September 9, 2010 at 8:46 pm
Last revised: September 9, 2010 at 8:46 pm


US-CERT is aware of public reports of malware spreading via email.
These reports indicate that the malicious email messages contain the
subject line "Here you have" or "Just For You" and contain a link to a
seemingly legitimate PDF file. If users click on this link, they will
be redirected to a malicious website that will prompt them to download
and install a screensaver (.scr) file. If they agree to install this
file, they will become infected with an email worm that will continue
to propagate through their email contacts.

US-CERT encourages users and administrators to take the following
preventive measures to help mitigate the security risks:
 * Install anti-virus software, and keep its virus signature files
   up-to-date.
 * Do not follow unsolicited web links received in email messages.
 * Refer to the Recognizing and Avoiding Email Scams (PDF) document
   for more information on avoiding email scams.
 * Refer to the Avoiding Social Engineering and Phishing Attacks
   document for more information on avoiding social engineering and
   phishing attacks.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.avertlabs.com/research/blog/index.php/2010/09/09/widespread-reporting-of-here-you-have-virus/>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

====
This entry is available at
http://www.us-cert.gov/current/index.html#here_you_have_email_malware

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
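
A mail-triage check for the lure described in the forwarded entry, added here as an example; it is not part of the original post or of the US-CERT text. The subject strings come from the entry. Treating the lure as an HTML anchor whose visible text names a .pdf while its href points at another host or at a .scr file is an assumption, and the sample message and the names triage, AnchorCollector and _host are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

LURE_SUBJECTS = ("here you have", "just for you")  # from the US-CERT entry

class AnchorCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    try:
        return urlparse(url if "://" in url else "http://" + url).netloc.lower()
    except ValueError:  # malformed host, e.g. unbalanced brackets
        return ""

def triage(raw_message):
    """Return findings for one RFC 5322 message passed as a string."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    findings = ["subject:" + s for s in LURE_SUBJECTS if s in subject]
    body = msg.get_body(preferencelist=("html",))
    collector = AnchorCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        if href.lower().split("?")[0].endswith(".scr"):  # assumed direct link
            findings.append("scr-link:" + href)
        elif text.lower().endswith(".pdf") and _host(text) != _host(href):
            findings.append("pdf-text-mismatch:" + href)  # text and target differ
    return findings

# Constructed sample message (not taken from the campaign).
SAMPLE = (
    "From: sender@example.com\nSubject: Here you have\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="http://files.example.net/doc.scr">'
    "http://www.example.com/library/doc.pdf</a>\n"
)
```

triage(SAMPLE) reports both the subject match and the .scr target; a message whose link text and href agree on the host returns an empty list.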

