lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E20DADCE7FEE6644A604B600D3233872343957@windomain.appliedmessaging.com>
From: mtighe at appliedmessaging.com (Michael Tighe)
Subject: New Social Engineering for MS03-32

I got "interesting" email this weekend.  Someone is
suggesting that I go to their site to send an email
greeting card to someone and use that to SPY on them:

	"Spy on Anyone by sending them an Email-Greeting Card! 
	Spy Software records their emails, Hotmail, Yahoo, 
	Outlook, ACTUAL Computer Passwords, Chats, Keystrokes, 
	PLUS MORE..
 
	Check up on your SPOUSE, KIDS, or EMPLOYEES!
	Follow This Link To Begin... "

This has two layers of social engineering: one, it causes
you to click on a link.  If you've not got a completely
good patch (or not immune to) the MS IE ObjectTag bug
(http://www.microsoft.com/technet/security/bulletin/MS03-032.asp), 
then you can catch something.  

But even if they are offering a valid service, it looks
like what they are doing is capitalizing on the fact that
your "anyone" isn't patched either - because by getting them
to open your greeting card, you can use MS03-32 to install
spyware.

Yeesh!

PS: the URL in my email appears to be 

       http://www.goohle.us/index.php?afil=1025

Your mileage may vary.  I liked that the DOMAIN name was
"goohle" rather than "google".  I almost didn't notice 
the misspelling.  A preliminary look suggests that 
"goohle" is used as a keyword for pictures and websites
of a specific sort.

-- Michael Tighe
email: tighe@...liedmessaging.com
phone: 781-676-6700
MSN Messenger: tighe@...liedmessaging.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ