Hi All,

Warning: be careful with the links in this email.
Posted in the SANS diary by Johannes Ullrich:

A user submitted a fake e-mail, which is using the %01 MSIE bug to trick the user into downloading a Trojan.

[snip]

This appears to be bigger than Yahoo being faked. I recently received this faked email:

Virus Alert

To: mjcarter
From: ihug.co.nz's Internet Virus Department

We have detected a possible computer virus on your computer, You must open the details of the report within 24 hours our we will be forced to shut down your internet service.

Please Click Below Then Press "open" To View The Report

If you do not open this report in 24 hours we will suspend your internet service

If nothing apears on your virus report please dis-regard this message

Click Here Now <http://[EMAIL PROTECTED]/special2/>

Clicking on the link takes me to http://dzmj6u1ziuzb4r3tzaj0zafl.euphoriaja.com/special2/ which redirects to http://66.98.208.24/cgi-bin/page.cgi and attempts to download page.hta which McAfee detects as VBS/Inor.

I've contacted my ISP and forwarded to them, I wonder how many other ISPs are about to be flooded with calls.

Note the URL is changing, it was originally http://66.98.208.24/cgi-bin/page.cgi which was shut down. But is now residing at http://210.51.184.247/cgi-bin/page.cgi

inetnum: 210.51.0.0 - 210.51.255.255
netname: CNCNET
descr: China Netcom Corp.
descr: New Telecommunication Carrier Based on IP Backbone
country: CN
admin-c: JM284-AP
tech-c: JM284-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CN-ZM28
changed: [EMAIL PROTECTED] 20001011
changed: [EMAIL PROTECTED] 20020703
changed: [EMAIL PROTECTED] 20030212
status: ALLOCATED PORTABLE
source: APNIC

Regards
Mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
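A mail-gateway style check for the link trick reported above, as an added example that is not part of the original post. It assumes the "%01 MSIE bug" is the Internet Explorer display flaw in which a percent-encoded control character in the userinfo part of a URL (the text before "@") hides the real host; the sample message, its host names and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample body; the hosts are reserved example names, not real IoCs.
SAMPLE = (
    "Click Here Now <http://www.isp.example%01@host.example.net/special2/>\n"
    "Help pages: http://www.example.org/help\n"
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def userinfo_of(url):
    """Return the raw (still percent-encoded) userinfo of a URL, or None."""
    netloc = urlsplit(url).netloc
    if "@" not in netloc:
        return None
    return netloc.rsplit("@", 1)[0]

def check_url(url):
    """Return the reasons a URL looks like a userinfo-based host spoof."""
    raw = userinfo_of(url)
    if raw is None:
        return []
    reasons = ["userinfo present before '@'"]
    decoded = unquote(raw, encoding="latin-1")
    # Encoded control bytes such as %00 or %01 have no legitimate use here.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        reasons.append("control character in userinfo")
    # A userinfo shaped like a host name is meant to be read as the site.
    if re.search(r"[a-z0-9-]+\.[a-z]{2,}", decoded, re.IGNORECASE):
        reasons.append("userinfo looks like a host name")
    return reasons

def scan(text):
    """Map each suspicious URL in text to (real host, reasons)."""
    findings = {}
    for url in URL_RE.findall(text):
        reasons = check_url(url)
        if reasons:
            findings[url] = (urlsplit(url).hostname, reasons)
    return findings

if __name__ == "__main__":
    for url, (host, reasons) in scan(SAMPLE).items():
        print(f"{url}\n  real host: {host}\n  flags: {', '.join(reasons)}")
```

The host reported as "real host" is the one the client actually connects to, which is the value to log or block on.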