Re: CRIME An Interesting Spyware Scam to watch out for

From: Shaun Savage (savages@private)
Date: Sun May 11 2003 - 20:03:14 PDT


    Good Analysis.
    How long now, until law enforcement shuts it down, or will it?
    
    Shaun
    
    Alan wrote:
    > I received an interesting spam in the mail.  It contained a scam that
    > you might want to be aware of, especially if you have fairly gullible
    > users on your network.
    > 
    > Here is the text of the spam:
    > 
    > 
    > 
    >>From - 
    >>Return-Path: <windowsupdate@private>
    >>Delivered-To: alan@ctrl-alt-del.com
    >>Received: from windowsupdatenow.com
    >>	(adsl-68-120-92-123.dsl.irvnca.pacbell.net [68.120.92.123]) by
    >>	clueserver.org (Postfix) with SMTP id 457062B6C3 for
    >>	<alan@ctrl-alt-del.com>; Sun, 11 May 2003 03:53:24 -0700 (PDT)
    >>Message-ID: <8d6d63abe320$003a31b0$c04fd773@private>
    >>From: <windowsupdate@private>
    >>To: <alan@ctrl-alt-del.com>
    >>Subject: Windows Update Notification
    >>Date: Mon, 12 May 2003 06:32:11 -1100
    >>MIME-Version: 1.0
    >>Content-Type: text/plain; charset="iso-8859-1"
    >>X-Priority: 1
    >>X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
    >>X-MSMail-Priority: High
    >>X-Mailer: Microsoft Outlook Express 5.00.2314.1300
    >>Content-Transfer-Encoding: quoted-printable
    >>X-Spam-Status: No, hits=1.4 required=5.0
    >>	tests=X_MSMAIL_PRIORITY_HIGH,X_PRIORITY_HIGH,NO_REAL_NAME,LINES_OF_YELLING
    >>	version=2.20
    >>X-Spam-Level: *
    >>Status:   
    >>
    >>WINDOWS SECURITY WARNING!!
    >>=20
    >>A VIRUS HAS BEEN DETECTED ON YOUR COMPUTER. IN ORDER FOR YOUR COMPUTER NOT =
    >>TO CRASH YOU WILL NEED TO GO TO:
    >>=20
    >>http://WWW.WINDOWSUPDATENOW.COM
    >>=20
    >>AND IT WILL AUTOMATICALLY UPDATE YOUR COMPUTERS SECURITY PATCHES.
    >>=20
    >>SIMPLY TYPE IN http://WWW.WINDOWSUPDATENOW.COM INTO YOUR BROWSER. OTHERWISE=
    >> YOU WILL KEEP RECEIVING THIS SECURITY ALERT EMAIL EVERY DAY.
    > 
    > 
    > Since I am running Linux, I was not too worried...
    > 
    > I checked out the site and it redirects you to
    > http://www.quicklaunch.com/perl/detection.pl.
    > 
    > The Linux unaware script attempts to download
    > http://download.quicklaunch.com/quicklaunch154.cab and install it. 
    > 
    > The program it tries to install is called "Quick Launch Toolbar".  It is
    > a nasty little bit of Spyware/Adware. There is a good description on
    > removal at http://www.doxdesk.com/parasite/BrowserAid.html .  
    > 
    > The biggest concern is that it has an "update feature" that can install
    > arbitrary code on your machine.
    > 
    > Both domains are registered to:
    > 
    >         This Domain Is For Sale joshuathaninvest@private
    >         ( This Domain is For Sale ) Joshuathan Investments, Inc.
    >         62 Cleghorn Street
    >         Belize City, Belize none
    >         US
    >         Phone: 501-2-31244
    >         Fax: 501-2-34222
    >  
    > 
    > www.windowsupdatenow.com is hosted on wfb.dnsvr.com (65.125.231.178) in
    > Florida.
    > 
    > www.quicklaunch.com  (66.117.19.206) hosted by nhicolo.com in LA,
    > California.
    > 
    > 
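
The spam headers quoted above carry inconsistencies that can be checked mechanically: the HELO name differs from the reverse-DNS name the receiving server recorded, and the Date header is later than the receipt timestamp. The following is an added example, not part of the original thread; the function name, finding labels and the 12-hour skew tolerance are assumptions, and the sample is a trimmed copy of the quoted headers.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers trimmed from the spam quoted in the message above.
SAMPLE = """\
Received: from windowsupdatenow.com
\t(adsl-68-120-92-123.dsl.irvnca.pacbell.net [68.120.92.123]) by
\tclueserver.org (Postfix) with SMTP id 457062B6C3 for
\t<alan@ctrl-alt-del.com>; Sun, 11 May 2003 03:53:24 -0700 (PDT)
From: <windowsupdate@private>
Subject: Windows Update Notification
Date: Mon, 12 May 2003 06:32:11 -1100
X-Priority: 1

WINDOWS SECURITY WARNING!!
"""

# Postfix-style hop: "from <HELO name> (<reverse DNS> [<IP>])"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")
MAX_SKEW_HOURS = 12  # assumed tolerance for sender clock error


def header_findings(raw):
    """Return a list of consistency findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    received = msg.get("Received", "")  # topmost hop, written by our own MTA
    m = RECEIVED_RE.search(received)
    if m:
        helo, rdns, ip = m.groups()
        # HELO is whatever the client claimed; rDNS is what our MTA looked up.
        if not rdns.lower().endswith(helo.lower()):
            findings.append(f"helo_mismatch: HELO {helo} but rDNS {rdns} [{ip}]")
    if ";" in received and msg.get("Date"):
        # The receipt timestamp follows the last ';' in the Received header.
        stamped = parsedate_to_datetime(received.rsplit(";", 1)[1].strip())
        claimed = parsedate_to_datetime(msg["Date"])
        skew = (claimed - stamped).total_seconds() / 3600
        if skew > MAX_SKEW_HOURS:
            findings.append(f"future_date: Date is {skew:.1f}h after receipt")
    if msg.get("X-Priority", "").strip().startswith("1"):
        findings.append("high_priority")
    return findings


if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print(finding)
```
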
    



    This archive was generated by hypermail 2b30 : Sun May 11 2003 - 20:51:11 PDT