I just sent it to the campus.... thanks! On Fri, Jun 26, 2009 at 9:55 AM, Jon Harris <[email protected]> wrote:
> Thank's Sherry I have (l)users that would go there! > > Jon > > On Fri, Jun 26, 2009 at 10:49 AM, Sherry Abercrombie <[email protected] > > wrote: > >> *We received this notification from Websense this morning. I thought it >> was pertinent information that should be passed on. >> ****<http://[email protected]> >> *d011 >> >> >> *From:* Websense Security Labs [mailto: >> [email protected]] >> *Sent:* Friday, June 26, 2009 7:09 AM >> *To:* Duke, Brian >> *Subject:* Security Alert: Michael Jackson Death Prompts Malicious Spam >> >> >> >> Websense Security Labs(TM) ThreatSeeker(TM) Network has discovered spam >> emails offering recipients links to unpublished videos and pictures of >> singer Michael Jackson. According to news >> reports<http://edition.cnn.com/2009/SHOWBIZ/Music/06/25/michael.jackson/index.html>Michael >> Jackson's death was confirmed yesterday. >> >> The spam email appears to offer a link to a YouTube video, but instead >> sends the recipient to a Trojan Downloader hosted on a compromised Web site. >> The file offered is called *Michael.Jackson.videos.scr* (MD5: >> 664cb28ef710e35dc5b7539eb633abca). This file is located on a legitimate Web >> site hosted in Australia belonging to a radio broadcasting station. Upon >> executing the file, a legitimate Web site at >> http://musica.uol.com.br/ultnot/2009/06/25/michael-jackson.jhtm is opened >> by the default browser in order to distract the user by presenting a news >> article for them to read. >> >> In the background, three further information-stealing components are >> downloaded and installed by the malware. One of the downloaded files is >> called *michael.gif*, which has low AV detection rates - see VT results >> here<http://www.virustotal.com/analisis/67cba7b9d91e1cbcac0f22b5f4bcf12f4b07a1a62d7d3018e28ccd5ee93e0ce4-1246012313>. >> The malware then installs a malicious BHO that is registered with this file >> *%windir%/Dynamic.dll* and this GUID >> {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}. Another component is bound to >> startup at *%windir%\system32\kproces.exe*. Another malicious file >> installed by the malware is *%windir%\system32\fotos.exe*. >> >> Websense® Messaging and Websense Web Security customers are protected >> against this attack. >> >> To view the details of this alert Click >> here<http://securitylabs.websense.com/content/Alerts/3426.aspx> >> >> Protected by Websense Hosted Email Security — www.websense.com >> -- >> Sherry Abercrombie >> >> "Any sufficiently advanced technology is indistinguishable from magic." >> Arthur C. Clarke >> >> >> >> >> >> > > > > > -- Organization and good planning are just crutches for people that can't handle stress and caffeine. - unknown ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
