[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E20DADCE7FEE6644A604B600D3233872343957@windomain.appliedmessaging.com>
From: mtighe at appliedmessaging.com (Michael Tighe)
Subject: New Social Engineering for MS03-32
I got "interesting" email this weekend. Someone is
suggesting that I go to their site to send an email
greeting card to someone and use that to SPY on them:
"Spy on Anyone by sending them an Email-Greeting Card!
Spy Software records their emails, Hotmail, Yahoo,
Outlook, ACTUAL Computer Passwords, Chats, Keystrokes,
PLUS MORE..
Check up on your SPOUSE, KIDS, or EMPLOYEES!
Follow This Link To Begin... "
This has two layers of social engineering: one, it causes
you to click on a link. If you've not got a completely
good patch (or not immune to) the MS IE ObjectTag bug
(http://www.microsoft.com/technet/security/bulletin/MS03-032.asp),
then you can catch something.
But even if they are offering a valid service, it looks
like what they are doing is capitalizing on the fact that
your "anyone" isn't patched either - because by getting them
to open your greeting card, you can use MS03-32 to install
spyware.
Yeesh!
PS: the URL in my email appears to be
http://www.goohle.us/index.php?afil=1025
Your mileage may vary. I liked that the DOMAIN name was
"goohle" rather than "google". I almost didn't notice
the misspelling. A preliminary look suggests that
"goohle" is used as a keyword for pictures and websites
of a specific sort.
-- Michael Tighe
email: tighe@...liedmessaging.com
phone: 781-676-6700
MSN Messenger: tighe@...liedmessaging.com
Powered by blists - more mailing lists