On Mon, 7 Jun 2004, Justin Mason wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Actually, quite a lot of phishing attempt spams *do* link to websites
> with serious malware payloads, and even sophisticated target-specific
> trojans. I saw a dissection of one online somewhere -- it took
> *screenshots* to get through one UK bank's security. scary.
>
> - --j.
>
> Brian Godette writes:
> > This one got nailed mostly by FORGED_THEBAT_HTML but I found it interesting in
> > that it's an attempt to infect people with (according to Kaspersky)
> > TrojanDownloader.VBS.Psyme.ag
> >
> > The href points to a malicious site that loads main1.chm which has the trojan
> > as part of the payload.
> >
> > Of course all item #'s are invalid.

I ran into this a month ago (my attempts to report it to this list were
blocked, see http://www.icaen.uiowa.edu/~dbfunk/post-attempt.txt ).

It's one virus's attempt to spread itself. I'll bet that if you check
the system that sent you that spam and the system that is being referred
to in that URL, you'll find that they are -both- infected with viruses.

This is even more scary: viruses are using multiple systems in a
co-ordinated attack.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
