Hey, you have a new Greeting !!! (exploit for Win32)
Bob Middaugh
bob.middaugh at comcast.net
Wed Sep 12 08:10:02 PDT 2007
Just an FYI
If you're on a win32 machine, and read your mail in HTML, don't open this as it will execute a .pif file (win32 PE, portable executable) that wants to put sup.bat in your /system32 to do something undesirable...haven't figured that out yet.
If you read in plain text, you'll see this link: http://members.lycos.co.uk/patacftp/postcard.pif
Don't click on that either.
We're blocking .pif at the SMTP gateway.
This is what Symantec says when I scan it:
Scan type: Manual Scan
Event: Threat Found!
Threat: IRC Trojan
-------------- Original message ----------------------
From: Greetings.com <Greeting at Greetings.com>
>
> Hello friend !
> You have just received a postcard Greeting from someone who cares
> about you...
>
> Just click [1]here to receive your Animated Greeting !
>
> Thank you for using www.Greetings.com services !!!
> Please take this opportunity to let your friends hear about us by
> sending them a postcard from our collection !
>
>
> References
>
> 1. http://members.lycos.co.uk/patacftp/postcard.pif
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
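
One way to flag the kind of link this message warns about, an HTML anchor whose visible text ("here") hides a URL ending in .pif. This is an added example, not part of the original post or the poster's gateway configuration; the sample message, the `example.invalid` host, the function names and every extension other than .pif are assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# .pif is the extension named in the post; the others are an assumed
# list of Windows-executable extensions a gateway might also flag.
EXEC_EXTS = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_executable_url(url):
    # Compare the URL path only, so query strings and case do not hide the extension.
    return urlparse(url).path.lower().endswith(EXEC_EXTS)

def suspicious_links(raw_message):
    """Return (url, anchor_text) for every HTML link that points at an executable."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = LinkCollector()
            parser.feed(part.get_content())
            found += [(h, t) for h, t in parser.links if is_executable_url(h)]
    return found

# Constructed sample message; example.invalid is a placeholder host.
SAMPLE = """\
From: Greeting <greeting@example.invalid>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>Just click <a href="http://example.invalid/cards/postcard.pif">here</a> to
receive your Greeting! <a href="http://example.invalid/about.html">About</a></body></html>
"""
```

Calling `suspicious_links(SAMPLE)` returns the .pif link together with the anchor text the HTML reader would have seen, which is the pair a gateway log or quarantine notice needs.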