January 16, 2004: An erroneous warning about a possible computer virus is in reality a ploy to trick users into downloading malware from a China-hosted website. The email, dubbed Exploit-urlspoof-b by security software developer Network Associates (McAfee), pretends to be from the recipient's domain administrator and threatens to shut down the user's Internet access if they do not take action within 24 hours. The action the user is admonished to take is to follow a link within the email. That link is also falsified so that users think it leads to the ISP's web servers. In reality, the link leads to a series of directories at the IP address 210.51.184.247, hosted by China Netcom Corp.
The website is embedded with VBS/Inor, which then downloads the Cidra Trojan, a memory-resident Trojan that can in turn download and execute other infected files.
The email used to carry out this ruse appears as follows:
Virus Alert
To: %Recipient%
From: %Domain& Internet Virus Department
We have detected a possible computer virus on your computer, You must open the details of the report within 24 hours our we will be forced to shut down your internet service.
Please Click Below Then Press "open" To View The Report If you do not open this report in 24 hours we will suspend your internet service If nothing apears on your virus report please dis-regard this message
Click Here Now
Should you receive such an email, simply delete it. Do not click the link, as doing so can cause infection. Ensure you are patched against the Object Tag vulnerability this attack exploits (see MS03-040) and other security exploits by visiting the Windows Update Center on a monthly basis.
Updated January 23, 2004: A variation of the above email has been discovered. That email reads:
Internet Billing Notice
Please press "open" and read the attached Billing Notice.
Note if you do not read this withing 24 hours we at regret we
will have to terminate internet service.
Should you receive such an email, simply delete it. Do not click the link, as doing so can cause infection. Ensure you are patched against the Object Tag vulnerability this attack exploits (see MS03-040) and other security exploits by visiting the Windows Update Center on a monthly basis.
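Both lures above share the same shape: a sender that claims to be the recipient's own ISP, a 24-hour deadline, and a link whose real host is not the ISP at all. The following is an added example (not code from the article or from Network Associates) of the checks a mail filter could apply to such a message. The sender address, the message body and the domain isp.example are constructed; the IP address is the one named in the article.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed lure modelled on the "Virus Alert" message above. "isp.example"
# is a placeholder for the impersonated ISP; 210.51.184.247 is from the article.
SAMPLE_SENDER = "virus-dept@isp.example"
SAMPLE_BODY = (
    "<p>We have detected a possible computer virus on your computer. You must "
    "open the report within 24 hours or we will shut down your internet service.</p>"
    '<a href="http://www.isp.example@210.51.184.247/report/">Click Here Now</a>'
)

HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"', re.I)
URGENCY_RE = re.compile(r"\b(within|in)\s+24\s+hours\b|\b(shut down|suspend|terminate)\b", re.I)


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href: str, claimed_domain: str) -> list:
    """Reasons a link is inconsistent with the domain the mail claims to come from."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.username is not None:
        # "http://trusted.name@real.host/..." makes the real host read like a path
        reasons.append("userinfo before host")
    if _is_ip(host):
        reasons.append("raw IP host")
    if host != claimed_domain and not host.endswith("." + claimed_domain):
        reasons.append("host outside claimed domain")
    return reasons


def triage(sender: str, body_html: str) -> dict:
    """Flag a message that combines deadline pressure with a link failing check_link."""
    claimed = sender.rsplit("@", 1)[-1].lower()
    bad_links = {}
    for href in HREF_RE.findall(body_html):
        reasons = check_link(href, claimed)
        if reasons:
            bad_links[href] = reasons
    urgency = bool(URGENCY_RE.search(re.sub(r"<[^>]+>", " ", body_html)))
    return {"claimed_domain": claimed, "bad_links": bad_links,
            "urgency": urgency, "suspicious": urgency and bool(bad_links)}
```

Running `triage(SAMPLE_SENDER, SAMPLE_BODY)` reports the link as using userinfo, a raw IP host and a host outside isp.example, and marks the message suspicious.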