nanog mailing list archives

Re: Interesting Occurrence

From: Mike Tancsa <mike () sentex net>
Date: Mon, 21 Jun 2004 14:17:13 -0400

Not the best place to ask (full-discloure or the incidents list perhaps),but there are numerous phishing scams going of late (I get 3 or 4 a day)that exploit an unpatched IE bug....


e.g. the spam reads

You Have a VoiceMessage Waiting Priority :Urgent From:xxx xxxhttp://www.ONEvoicemailbox.net/voicemail/

(replace ONE with "1" in the host)-- I strongly suggest NOT going to thissite with IE


This particular site crams in a keylogger into your PC by use of
http://221.4.203.78/bestadult/shellscript_loader.js
http://221.4.203.78/bestadult/shellscript.js


        ---Mike


At 01:44 PM 21/06/2004, Brent_OKeeffe () asc aon com wrote:

Okay... Here is a new one for me. Got a call from my dad saying he lefthis PC on last night connected to his broadband. He went to log in thismorning and noticed a new ID in his user list - IWAP_WWW. He immediatelydeleted is and called me. I had him ensure his critical updates we allapplied - they were. I had him ensure his antivirus was up to date - itwas (Norton Antivirus 2004). He is running XP Home.
I searched the antivirus sites and elsewhere for references. Any idea ifthere is a new vulnerability that has not been publicly released? Any clues?
Regards,
Brent

Current thread:

Interesting Occurrence Brent_OKeeffe (Jun 21)
- Re: Interesting Occurrence Jeff Shultz (Jun 21)
- RE: Interesting Occurrence Luke Starrett (Jun 21)
  - RE: Interesting Occurrence Randy Bush (Jun 21)
- Re: Interesting Occurrence Richard A Steenbergen (Jun 21)
  - Re: Interesting Occurrence Christian Malo (Jun 21)
- Re: Interesting Occurrence John Kinsella (Jun 21)
- Message not available
  - Re: Interesting Occurrence Mike Tancsa (Jun 21)
- <Possible follow-ups>
- Re: Interesting Occurrence Brent_OKeeffe (Jun 21)
- Re: Interesting Occurrence Brent_OKeeffe (Jun 21)