Security Incidents mailing list archives
Re: [klmtfs () pridemail com: Your Online Greeting Awaits You!]
From: Brett Glass <brett () lariat org>
Date: Mon, 13 Aug 2001 13:15:02 -0600
Dave Winer (see http://www.scriptingnews.com/) writes:

"A particularly insidious kind of spam. It looks like a friend sent a greeting card. Click on the link and you go to a page where it says you need to upgrade in order to get the card. They walk you through the install process. Don't do it -- this puts code on your machine, certainly adware, maybe spyware, maybe worse. Now for experienced programmers this is pretty transparent, but what about less technical users. Oy what a mess. What does the future hold?"

--Brett

At 03:05 AM 8/12/2001, diphen () agitation net wrote:
Has anyone run across this before? It showed up in one of my other email accounts this evening. When you go to the site it displays a message about 'Image Browser Not Supported'. What this links to is a file called american.exe. It appears to be a win32 binary containing some sort of file archive. Unfortunately I don't have good facilities (or expertise, really) for figuring out what this thing does. If anyone with more windows expertise wants to take a look, you can grab the file from the site, or I can forward a copy. I'm guessing it's some sort of trojan.

(The reason this makes me suspicious is that the rest of the site appears to be entirely bogus. The first supplied url is www.greetingcardsusa.cc, but all the links from the page go to americangreetingz.net, which doesn't resolve. Also, the american.exe link is just an ip. It reverse-resolves to paypalgreen.com, which also looks rather weird.)

Thanks.

-gabe

----- Forwarded message from klmtfs () pridemail com -----

Delivered-To: diphen () agitation net
Resent-Message-Id: <200108120841.f7C8fB116856 () sonic net>
X-envelope-info: <KLMTFS1 () lycos com>
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
From: klmtfs () pridemail com
To: chagrus () techpointer com
Date: Sun, 12 Aug 2001 04:26:42 -0800
Subject: Your Online Greeting Awaits You!
X-OriginalArrivalTime: 12 Aug 2001 08:14:07.0296 (UTC) FILETIME=[C1E65C00:01C12306]

Hello!

We're writing to let you know that someone has sent you a greeting. To pick up your greeting, simply click on this link:

http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y

If your e-mail program doesn't recognize the above address as a link, just copy and paste the address into your web browser's "address" window.

We hope you enjoy your greeting. If you have any questions feel free to email us at the address below.

Thanks!

James Cordman
james () GreetingCardsUSA cc
GreetingCardsUSA.cc
Know one knows Greetings Like American Greetingz!
----- End forwarded message -----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- [klmtfs () pridemail com: Your Online Greeting Awaits You!] diphen (Aug 12)
- Re: [klmtfs () pridemail com: Your Online Greeting Awaits You!] Mark Collins (Aug 12)
- Re: [klmtfs () pridemail com: Your Online Greeting Awaits You!] Jay D. Dyson (Aug 12)
- Re: [klmtfs () pridemail com: Your Online Greeting Awaits You!] freehold (Aug 13)
- Re: [klmtfs () pridemail com: Your Online Greeting Awaits You!] Brett Glass (Aug 13)
- <Possible follow-ups>
- RE: [klmtfs () pridemail com: Your Online Greeting Awaits You!] Jay D. Dyson (Aug 13)