lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <43F61DD5.7060609@securescience.net>
Date: Fri, 17 Feb 2006 11:02:45 -0800
From: Lance James <bugtraq@...urescience.net>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: First WMF mass mailer ItW (phishing Trojan)


Gadi Evron wrote:
> The first worm (mass mailer) to (ab)use the WMF 0day is now spreading in
> Australia.
>   
Respectfully speaking:

There are a few corrections to this that need to be expressed.

The language you're using describing it as a mass-mailing worm is coming
off confusing to some. The WMF exploit is actually seeded on a website,
and the mass-mailing is used to get people to go to that site. Stating
that it's a worm is similar to saying that phishing emails and spam are
worms. I have seen some actual phishing worms, and this is definitely
not it.

A correction also needs to be made on this comment

"Abusing websites is mostly how WMF is
exploited, but no much in the way of emails before today."


This is grossly incorrect - here are the dates we started seeing this
activity:

January 3rd -  WMF exploit distributing identified phishing trojan
January 9/10th -  WMF exploit distributing identified phishing trojan
Jan 18th/19th - WMF exploit distributing identified phishing trojan
Jan 22nd-25th - WMF exploit distributing identified phishing trojan
Jan 24th - WMF exploit distributing identified phishing trojan


I can go into February but we get the point.

This same phishing group works in regions, so it's not surprising that
they are now targeting Australia. They are also targeting Europe as well
in February.

Summary:
WMF Mass-Mailing phishing has not been uncommon, just in small
distributions, so it may have not been seen on the radar. Since the
public discovery of the WMF exploit, there have been a few mass-mailings
taking users to a site that distributed WMF exploits to date.


-- 
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ