[Dshield] Fake Yahoo e-mail
mjcarter at ihug.co.nz
Sat Jan 17 12:07:49 GMT 2004
Posted in the SANS diary by Johannes Ullrich:
A user submitted a fake e-mail, which is using the %01 MSIE bug to trick the
user into downloading a Trojan.
This appears to be bigger than Yahoo being faked. Ive just received the
below email from my ISP:
From: ihug.co.nz's Internet Virus Department
We have detected a possible computer virus on your computer, You must open
the details of the report within 24 hours our we will be forced to shut down
your internet service.
Please Click Below Then Press "open" To View The Report If you do not open
this report in 24 hours we will suspend your internet service If nothing
apears on your virus report please dis-regard this message
Click Here Now
Clicking on the "button" does take me to
http://dzmj6u1ziuzb4r3tzaj0zafl.euphoriaja.com/special2/ and attempts to
download page.hta which McAfee detects as VBS/Inor.
I've contacted my ISP and forwarded to them, I wonder how many other ISPs
are about to be flooded with calls.
More information about the list