David Milholen wrote:
I had a customer send me an email that came to his inbox and it had a
small paragraph that explained that squirrelmail users needed to upgrade
to some new package due to some confusion with earlier releases and to
click here for updates.
I told him not to click anything and forward as an attachment so I could
review it. When I clicked the link firefox told me the site was a
phishing site and asked to continue.
Anyone seen that before?
TM
DAVE
from the squirrelmail site
/quote
*SECURITY: Spam Alert*
/Feb 23, 2009 by Paul Lesniewski/
The spammer that has been sullying our good name for the past year
continues to send out huge amounts of spam encouraging people to
supposedly upgrade to what they claim is our newest version, 1.4.15.
That is in fact not our newest version, but moreover, they provide a
link in their spam that sends the victim to a login page that looks like
the normal SquirrelMail login page - if you input any credentials on
this page, of course, the spammer takes them and most likely uses them
to send spam from your email account. You can NEVER upgrade SquirrelMail
by simply "logging in" somewhere. The SquirrelMail team NEVER sends out
unsolicited email, especially any that require your personal email
username and password!
/endquote
you should have squirrelmail-toaster-1.4.17-1.3.11 on your server as it fixes a
known security vulnerability.
from the toaster site:
*12/11/2008* - Updated Squirrelmail to 1.4.17 to resolve security vulnerability
CVE-2008-2379.
so, yeah, there is a 99% probability there is some social engineering going on
there.
--
Regards,
fuzzy
---------------------------------------------------------------------------------
Managed Qmailtoaster servers are now available
Visit http://qmailtoaster.com/QMTManaged.html to order yours today!
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
For additional commands, e-mail: testing-h...@qmailtoaster.com