On Monday 07 June 2004 07:13 pm, David B Funk wrote:
> On Mon, 7 Jun 2004, Justin Mason wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > Actually, quite a lot of phishing attempt spams *do* link to websites
> > with serious malware payloads, and even sophisticated target-specific
> > trojans. I saw a dissection of one online somewhere -- it took
> > *screenshots* to get through one UK bank's security. scary.
> >
> > - --j.
> >
> > Brian Godette writes:
> > > This one got nailed mostly by FORGED_THEBAT_HTML but I found it
> > > interesting in that it's an attempt to infect people with (according to
> > > Kaspersky) TrojanDownloader.VBS.Psyme.ag
> > >
> > > The href points to a malicious site that loads main1.chm which has the
> > > trojan as part of the payload.
> > >
> > > Of course all item #'s are invalid.
>
> I ran into this a month ago (my attempts to report it to this list were
> blocked, see http://www.icaen.uiowa.edu/~dbfunk/post-attempt.txt ).
> It's one virus's attempt to spread itself.
> I'll bet that if you check the system that sent you that spam
> and the system that is being referred to in that URL, you'll find that
> they are -both- infected with viruses.
>
> This is even more scary, viruses are using multiple systems in a
> co-ordinated attack.

And of course one of the items in the virus payload now is *always* a relay/proxy that can be used for spam, which is what makes it (barely) relevant to the list.
