Has anyone run across this before? It showed up in one of my other email accounts this evening. When you go to the site it displays a message about 'Image Browser Not Supported'. What this links to is a file called american.exe. It appears to be a win32 binary containing some sort of file archive. Unfortunately I don't have good facilities (or expertise, really) for figuring out what this thing does. If anyone with more windows expertise wants to take a look, you can grab the file from the site, or I can forward a copy. I'm guessing it's some sort of trojan. (The reason this makes me suspicious is that the rest of the site appears to be entirely bogus. The first supplied url is www.greetingcardsusa.cc, but all the links from the page go to americangreetingz.net, which doesn't resolve. Also, the american.exe link is just an ip. It reverse-resolves to paypalgreen.com, which also looks rather weird.) Thanks. -gabe ----- Forwarded message from klmtfsat_private ----- Delivered-To: diphenat_private Resent-Message-Id: <200108120841.f7C8fB116856at_private> X-envelope-info: <KLMTFS1at_private> X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 From: klmtfsat_private To: chagrusat_private Date: Sun, 12 Aug 2001 04:26:42 -0800 Subject: Your Online Greeting Awaits You! X-OriginalArrivalTime: 12 Aug 2001 08:14:07.0296 (UTC) FILETIME=[C1E65C00:01C12306] Hello! We're writing to let you know that someone has sent you a greeting. To pick up your greeting, simply click on this link: http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y If your e-mail program doesn't recognize the above address as a link, just copy and paste the address into your web browser's "address" window. We hope you enjoy your greeting. If you have any questions feel free to email us at the address below. Thanks! James Cordman jamesat_private GreetingCardsUSA.cc Know one knows Greetings Like American Greetingz! ----- End forwarded message ----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 10:56:31 PDT