[Dshield] Fake Yahoo e-mail

Rick Klinge rick at jaray.net
Sat Jan 17 15:57:52 GMT 2004


Wow.. Clicking the link now just diverts me to microsoft.com.. Fast redirect
on that one good job guys.

~Rick

> -----Original Message-----
> From: list-bounces at dshield.org 
> [mailto:list-bounces at dshield.org] On Behalf Of Mike
> Sent: Saturday, January 17, 2004 6:08 AM
> To: 'General DShield Discussion List'
> Subject: [Dshield] Fake Yahoo e-mail 
> 
> 
> Hi All,
> Posted in the SANS diary by Johannes Ullrich:
> A user submitted a fake e-mail, which is using the %01 MSIE 
> bug to trick the user into downloading a Trojan.
> 
> This appears to be bigger than Yahoo being faked. Ive just 
> received the below email from my ISP: Virus Alert To:mjcarter
> From: ihug.co.nz's Internet Virus Department
> 
> We have detected a possible computer virus on your computer, 
> You must open the details of the report within 24 hours our 
> we will be forced to shut down your internet service.
> 
> Please Click Below Then Press "open" To View The Report If 
> you do not open this report in 24 hours we will suspend your 
> internet service If nothing apears on your virus report please dis-regard
this message > Click Here Now 
<http://ihug.co.nz%01@dzmj6u1ziuzb4r3tzaj0zafl.euphoriaja.com/special2/>

Clicking on the "button" does take me to
http://dzmj6u1ziuzb4r3tzaj0zafl.euphoriaja.com/special2/ and attempts to
download page.hta which McAfee detects as VBS/Inor. I've contacted my ISP
and forwarded to them, I  wonder how many other ISPs are about to be flooded
with calls.

Regards
Mike


___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list