[71703] in North American Network Operators' Group
Re: Interesting Occurrence
daemon@ATHENA.MIT.EDU (Mike Tancsa)
Mon Jun 21 14:29:59 2004
Date: Mon, 21 Jun 2004 14:17:13 -0400
To: nanog@merit.edu
From: Mike Tancsa <mike@sentex.net>
In-Reply-To: <OF98851BAA.5F0A4E9F-ON86256EBA.005FCB8E-85256EBA.006179AB@
aon.com>
Errors-To: owner-nanog-outgoing@merit.edu
Not the best place to ask (full-discloure or the incidents list perhaps),
but there are numerous phishing scams going of late (I get 3 or 4 a day)
that exploit an unpatched IE bug....
e.g. the spam reads
You Have a VoiceMessage Waiting Priority :Urgent From:xxx xxx
http://www.ONEvoicemailbox.net/voicemail/
(replace ONE with "1" in the host)-- I strongly suggest NOT going to this
site with IE
This particular site crams in a keylogger into your PC by use of
http://221.4.203.78/bestadult/shellscript_loader.js
http://221.4.203.78/bestadult/shellscript.js
---Mike
At 01:44 PM 21/06/2004, Brent_OKeeffe@asc.aon.com wrote:
>Okay... Here is a new one for me. Got a call from my dad saying he left
>his PC on last night connected to his broadband. He went to log in this
>morning and noticed a new ID in his user list - IWAP_WWW. He immediately
>deleted is and called me. I had him ensure his critical updates we all
>applied - they were. I had him ensure his antivirus was up to date - it
>was (Norton Antivirus 2004). He is running XP Home.
>
>I searched the antivirus sites and elsewhere for references. Any idea if
>there is a new vulnerability that has not been publicly released? Any clues?
>
>Regards,
>Brent
