A new wave of "Internet Explorer 7.0 Beta" spam is currently being reported. All of the messages link to an "update.exe" file, which is hosted at various URLs. The e-mail message adopts spam methods by "hiding" the image link among chunks of text copied from web sites.
Characteristics:

From: admin@microsoft.com
Subject: Internet Explorer 7.0 Beta
URL: we have seen update.exe hosted on a number of different sites so far (but there are likely many more).

It doesn't look like a feasible idea to block all these sites. However, you probably should filter e-mail from 'admin@microsoft.com' (that particular "From" address has been used in the past).

update.exe itself is a downloader which will install a second stage binary upon execution.
Johannes, ISC Handler, May 7th 2007
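
The filtering advice above, as an added example that is not part of the original diary: a small Python check that flags a message by the spoofed From address, the subject line, or any link whose file name is update.exe, without relying on the hosting site. The function names, reason labels and the sample message (with a reserved .invalid host) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators from the diary text; hosting sites are deliberately not used.
SPOOFED_FROM = "admin@microsoft.com"
LURE_SUBJECT = "internet explorer 7.0 beta"
PAYLOAD_NAME = "update.exe"
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

# Constructed sample message: image link buried between filler text.
SPAM = (
    "From: Microsoft <admin@microsoft.com>\n"
    "Subject: Internet Explorer 7.0 Beta\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<p>filler text copied from a web site</p>"
    '<a href="http://host.invalid/images/update.exe"><img src="cid:x"></a>\n'
)


def body_text(msg):
    """Concatenate every text/* part so links inside HTML are seen."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(data.decode(charset, "replace"))
    return "\n".join(chunks)


def score_message(raw):
    """Return the reasons a raw RFC 822 message matches this spam wave."""
    msg = message_from_string(raw)
    reasons = []
    if parseaddr(msg.get("From", ""))[1].lower() == SPOOFED_FROM:
        reasons.append("spoofed-from")
    if LURE_SUBJECT in msg.get("Subject", "").lower():
        reasons.append("lure-subject")
    for url in URL_RE.findall(body_text(msg)):
        # Compare the file name only: the hosting site changes per message.
        if urlsplit(url).path.lower().rsplit("/", 1)[-1] == PAYLOAD_NAME:
            reasons.append("payload-link")
            break
    return reasons


if __name__ == "__main__":
    print(score_message(SPAM))
```

A message that matches on "payload-link" alone still deserves a look, since the From address and subject are the easiest parts for the sender to change.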