David Milholen wrote:
I had a customer send me an email that came to his inbox and it had a
small paragraph that explained that squirrelmail users needed to upgrade
to some new package due to some confusion with earlier releases and to
click here for updates.
 I told him not to click anything and forward as an attachment so I could
review it. When I clicked the link firefox told me the site was a
phishing site and asked to continue.
 Anyone seen that before?
TM
DAVE


from the squirrelmail site

/quote

*SECURITY: Spam Alert*
/Feb 23, 2009 by Paul Lesniewski/
The spammer that has been sullying our good name for the past year continues to send out huge amounts of spam encouraging people to supposedly upgrade to what they claim is our newest version, 1.4.15. That is in fact not our newest version, but moreover, they provide a link in their spam that sends the victim to a login page that looks like the normal SquirrelMail login page - if you input any credentials on this page, of course, the spammer takes them and most likely uses them to send spam from your email account. You can NEVER upgrade SquirrelMail by simply "logging in" somewhere. The SquirrelMail team NEVER sends out unsolicited email, especially any that require your personal email username and password!

/endquote


you should have squirrelmail-toaster-1.4.17-1.3.11 on your server as it fixes a 
known security vulnerability.

from the toaster site:

*12/11/2008* - Updated Squirrelmail to 1.4.17 to resolve security vulnerability 
CVE-2008-2379.


so, yeah, there is a 99% probability there is some social engineering going on 
there.


--
Regards,
fuzzy


---------------------------------------------------------------------------------
                Managed Qmailtoaster servers are now available
      Visit http://qmailtoaster.com/QMTManaged.html to order yours today!

Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)

    Please visit qmailtoaster.com for the latest news, updates, and packages.


         To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
        For additional commands, e-mail: testing-h...@qmailtoaster.com


Reply via email to