I'm sure everyone has seen this at some point. You get a spoofed message from one of your contacts with only a single hyperlink in it. Obviously a spam/phishing email.
I just got one and looked at the headers expecting to see it come from some poor sap's home PC. It actually came from the real AOL mail servers and not someone's compromised home PC. I've seen this from MSN, Hotmail and AOL accounts. Does anyone know how this happens? Is it some sort of XSS vuln that is able to harvest an address book and send out messages in these free email web interfaces? Possibly a malicious rolling advertisement that hits these sites and simply getting into your email pwns you? I know there are a million possibilities but was wondering if anyone knew for sure.

-C
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
