RandallM wrote: > anyone see this type of email going around? this particular one was > addressed by our President and aimed at our controller. fortunitly the > controller was wise enough not to click. the links will dl a program > but the headers of course are all giving to another address. the "dL > box" shows from an IP rather then adobe.
The .EXE and .PDF you mention are now unavailable, but the (bogus) adobe.us.to domain still redirects to the actual hosting site -- a (presumably popped) trixbox at 91.184.204.20. Despite the target .EXE being down (for now) you should file an abuse complaint with afraid.org, owners of us.to and who provide dynamic DNS and URL redirector services through that domain. With the "front" domain still up, the perps can trivially reconfigure the adobe.us.to redirector to their next compromised hosting box. Killing the adobe.us.to domain renders all yet-to-be-read messages they've sent worthless. Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
