On Sun, 12 Aug 2001 diphenat_private wrote:

> Has anyone run across this before?

I'm sure many here would agree that this may be an old trick with a new face. While I don't yet have enough information to confirm that this is the product of a trojan, several indicators seem to point to as much...

> X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0

Outlook. Guh. The favored vector of trojan dissemination.

> Hello! We're writing to let you know that someone has sent you a greeting.

The impersonal (and over-friendly) text.

> http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y

Appropriately long URL that bounces you around and eventually goes to an IP address for dissemination of a binary. Present most users with a long URL and their eyes typically glaze over and they just blindly click on it. About the only thing that surprises me is that no '@' semantic attack was used.

I'll have to see about collecting a copy of the binary. Until such time, this should probably be considered a *possible* trojan that should be ruled out.

Fortunately, it's a Sunday, so we've got a little time before the Monday morning zombies come rolling in and contributing to the problem. :)

Time to start a new pot of coffee! Yay.

-Jay

"There's always time for a good cup of coffee"
Jay D. Dyson -- jdysonat_private
Real men prefer full disclosure.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 16:54:11 PDT
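
An added example, not part of the original post or the list archive: a Python check that flags the URL traits the message points to (long URL, IP-address host, the '@' trick), run over the quoted link and a constructed '@' URL. The function name, the flag names and the 50-character length threshold are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# First URL is the one quoted in the message; the others are constructed samples.
SAMPLES = [
    "http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y",
    "http://www.example.com@192.0.2.10/pickup",   # constructed '@' case
    "http://www.example.com/cards/view?id=1",     # constructed benign case
]

def url_indicators(url, long_threshold=50):
    """Return a sorted list of indicator names for one URL found in mail."""
    parts = urlsplit(url)
    flags = set()

    # '@' semantic attack: everything before '@' in the authority is userinfo,
    # so the host actually contacted is whatever follows it.
    if "@" in parts.netloc:
        flags.add("userinfo-at-sign")

    # Host given as a raw IP address instead of a name.
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        flags.add("ip-literal-host")
    except ValueError:
        pass

    # Query glued directly onto the host, as in "host.cc?aspickup.pd?...".
    if parts.query and parts.path == "":
        flags.add("query-without-path")

    # A second '?' ends up inside the query string of a well-formed URL.
    if "?" in parts.query:
        flags.add("extra-question-mark")

    # Arbitrary length cut-off (assumption); tune against your own mail flow.
    if len(url) >= long_threshold:
        flags.add("long-url")

    return sorted(flags)

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", url_indicators(sample) or "no indicators")
```

None of these flags is proof on its own; they only rank which links deserve a closer look, in line with the post's "*possible* trojan" wording.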