[Dshield] Fake Yahoo e-mail

Mike mjcarter at ihug.co.nz
Sat Jan 17 12:07:49 GMT 2004

Hi All,
Posted in the SANS diary by Johannes Ullrich:
A user submitted a fake e-mail, which is using the %01 MSIE bug to trick the
user into downloading a Trojan.

This appears to be bigger than Yahoo being faked. I've just received the
below email from my ISP:
Virus Alert
From: ihug.co.nz's Internet Virus Department

We have detected a possible computer virus on your computer, You must open
the details of the report within 24 hours our we will be forced to shut down
your internet service.

Please Click Below Then Press "open" To View The Report If you do not open
this report in 24 hours we will suspend your internet service If nothing
apears on your virus report please dis-regard this message
Click Here Now

Clicking on the "button" does take me to
http://dzmj6u1ziuzb4r3tzaj0zafl.euphoriaja.com/special2/ and attempts to
download page.hta which McAfee detects as VBS/Inor.
I've contacted my ISP and forwarded it to them. I wonder how many other ISPs
are about to be flooded with calls.

