[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4B0E518D.2080608@dalan.us>
Date: Thu, 26 Nov 2009 03:59:41 -0600
From: David Alanis <canito@...an.us>
To: full-disclosure@...ts.grok.org.uk
Cc: funsec <funsec@...uxbox.org>
Subject: Re: [funsec] nasty infection from following link
if anyone is interested
Dragos Ruiu wrote:
> Haha, and then you included his clickable link in your message
> inclusion.
> Tsk, Tsk. <chuckle>
>
> cheers,
> --dr
>
> On 25-Nov-09, at 12:16 PM, Juha-Matti Laurio wrote:
>
>
>> Your modifications doesn't prevent your link to be clickable in all
>> mail clients.
>> Please use methods
>> http : // and/or
>> archive1329101302 , heddasq
>>
>> next time...
>>
>> Juha-Matti
>>
>> RandallM [randallm@...mail.com] kirjoitti:
>>
>>> one of my sales people fell for a "someone posted a picture of you"
>>> emails.
>>>
>>> Got a real nasty that came with, according to malwarebytes,
>>> "Pawnd.bot
>>> and Backdoor.bot".
>>> Havent checked it out yet but thought I would share it.
>>>
>>>
>>> The link is this:
>>> (REMOVETHISFIRST http: // archive1329101302 , heddasq,eu/photo-
>>> hosting/)
>>>
>>> --
>>> been great, thanks
>>> a.k.a System
>>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> --
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Vancouver, Canada March 22-26 http://cansecwest.com
> Amsterdam, Netherlands June 16/17 http://eusecwest.com
> pgpkey http://dragos.com/ kyxpgp
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
I don't understand what is so funny about that or where you find the
humor in knowing some less intuitive user at your company can cause a
lot of damage to your network!?!?!
Randall is simply sharing the information he's gathered.
Here is the one message I received from an offshore colleague through my
facebook account. Note that since I no longer have a facebook (mostly
cause its a security risk) account and I suggested they follow some
type of incident management plan with her machine.
--------------------
Hey, some jerk has posted your pictures (u understand what kind of
pictures are there) and sent a link of them to all ur friends. I have
already replied back. Said, that he is an indiot. See the link:
http://ehuvinuru.digitalzones.com/fozogaly.html
Take care........
--------------------
That link took me to some server out in Brazil and it wanted me to
install some type of flash player... I didn't really have the time to
look into it just to see what it would do and where it would take me so
if this is your cup of tea, have at it.
Cheers,
SDA
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists