Dave Winer (see http://www.scriptingnews.com/) writes:

"A particularly insidious kind of spam. It looks like a friend sent a greeting card. Click on the link and you go to a page where it says you need to upgrade in order to get the card. They walk you through the install process. Don't do it -- this puts code on your machine, certainly adware, maybe spyware, maybe worse. Now for experienced programmers this is pretty transparent, but what about less technical users. Oy what a mess. What does the future hold?"

--Brett

At 03:05 AM 8/12/2001, diphenat_private wrote:

>Has anyone run across this before? It showed up in one of my other email
>accounts this evening. When you go to the site it displays a message
>about 'Image Browser Not Supported'. What this links to is a file called
>american.exe. It appears to be a win32 binary containing some sort of
>file archive. Unfortunately I don't have good facilities (or expertise,
>really) for figuring out what this thing does. If anyone with more
>windows expertise wants to take a look, you can grab the file from the
>site, or I can forward a copy. I'm guessing it's some sort of trojan.
>
>(The reason this makes me suspicious is that the rest of the site appears
>to be entirely bogus. The first supplied url is www.greetingcardsusa.cc,
>but all the links from the page go to americangreetingz.net, which
>doesn't resolve. Also, the american.exe link is just an ip. It
>reverse-resolves to paypalgreen.com, which also looks rather weird.)
>
>Thanks.
>
>-gabe
>
>----- Forwarded message from klmtfsat_private -----
>
>Delivered-To: diphenat_private
>Resent-Message-Id: <200108120841.f7C8fB116856at_private>
>X-envelope-info: <KLMTFS1at_private>
>X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
>From: klmtfsat_private
>To: chagrusat_private
>Date: Sun, 12 Aug 2001 04:26:42 -0800
>Subject: Your Online Greeting Awaits You!
>X-OriginalArrivalTime: 12 Aug 2001 08:14:07.0296 (UTC) FILETIME=[C1E65C00:01C12306]
>
>Hello! We're writing to let you know that someone has sent you a greeting.
>
>To pick up your greeting, simply click on this link:
>http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y
>
>If your e-mail program doesn't recognize the above address as a link, just
>copy and paste the address into your web browser's "address" window.
>
>We hope you enjoy your greeting. If you have any questions feel free to email
>us at the address below.
>
>Thanks!
>
>James Cordman
>jamesat_private
>GreetingCardsUSA.cc
>Know one knows Greetings Like American Greetingz!
>
>----- End forwarded message -----
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com
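
The checks described in the quoted message (page links that leave the lure's domain, a link host that does not resolve, a download served from a bare IP whose reverse DNS names an unrelated site, an .exe payload) can be run mechanically over a page's links. The Python triage function below is an added example, not part of the original thread; the IP address, the link paths and the lookup tables standing in for DNS are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def site_name(host):
    # Naive "last two labels" comparison; fine for .cc/.net/.com here,
    # use a public-suffix list for names such as example.co.uk.
    return ".".join(host.lower().split(".")[-2:])

def triage(lure_url, page_links, resolving_hosts, ptr_records):
    # resolving_hosts: set of hostnames known to resolve (stand-in for DNS).
    # ptr_records: dict of IP -> reverse-DNS name (stand-in for PTR lookups).
    lure_site = site_name(urlsplit(lure_url).hostname or "")
    findings = []
    for link in page_links:
        parts = urlsplit(link)
        host = (parts.hostname or "").lower()
        if is_ip_literal(host):
            findings.append(("ip-literal-host", link))
            ptr = ptr_records.get(host)
            if ptr and site_name(ptr) != lure_site:
                findings.append(("ptr-names-other-site", link))
        else:
            if site_name(host) != lure_site:
                findings.append(("off-site-link", link))
            if host not in resolving_hosts:
                findings.append(("host-does-not-resolve", link))
        if parts.path.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(("executable-download", link))
    return findings

# Constructed sample: the domains and file name come from the post; the IP
# (documentation range) and the link paths are placeholders.
LURE = "http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y"
LINKS = ["http://americangreetingz.net/cards/",
         "http://192.0.2.10/american.exe"]
RESOLVING = {"www.greetingcardsusa.cc"}
PTR = {"192.0.2.10": "paypalgreen.com"}

if __name__ == "__main__":
    for indicator, link in triage(LURE, LINKS, RESOLVING, PTR):
        print(f"{indicator:24} {link}")
```

For live use, the two lookup tables would be filled from real forward and reverse DNS queries made from an isolated analysis host.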
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 12:26:23 PDT