PaulDotCom mailing list archives

phishing question

From: mailinglistmatt at gmail.com (Matt Erasmus)
Date: Wed, 2 Dec 2009 08:01:08 +0200

I had a similar incident recently with a Google Image search of all
things. The scary thing was the search itself wasn't shady. It was a
designer looking for research material for a project he was working
on.

What happened was he clicked on the image which directed him to the
site with the image he was interested in. Once there some malicious
Javascript was executed and triggered a download of
an install.exe file. While this was happening an animation played that
looked like his machine was being scanned for viruses and the like.
It's just a pity he was using a Mac and immediately asked me to take a
look....

The exe file was actually some scareware which I am still in the
processes of picking apart. The javascript in question was heavily
obfuscated and, being a bit wet behind the ears with Javascript, I am
still going through the code.

Still, this type of thing happens every day and is only on the increase...

Thanks for sharing your experience, it really helps people like me who
are interested in malware and malicious redirection.


-- 
Matt Erasmus


-- Be the trouble you want to see in the world.

Current thread:

phishing question Chris Blazek (Dec 01)
- phishing question PJ McGarvey (Dec 01)
  - phishing question Chris Blazek (Dec 01)
    - phishing question David Auclair (Dec 02)
    - phishing question David Shpritz (Dec 02)
    - phishing question David Auclair (Dec 02)
    - phishing question Chris Blazek (Dec 02)
    - phishing question Chris Blazek (Dec 02)
    - phishing question David Auclair (Dec 03)
- phishing question Matt Erasmus (Dec 01)
- phishing question Robert Portvliet (Dec 03)
  - phishing question Chris Blazek (Dec 03)
  - phishing question Matt Erasmus (Dec 03)
- phishing question Bert Van Kets (Dec 04)
  - phishing question Jim Halfpenny (Dec 04)