One example of the scam involved a false e-gold account warning. The miscreant site used frames to pull the actual menu and an alert message from the legitimate e-gold site. Ironically, the alert message warned users about the dangers of phishing scams. The site also included an iframe that secretly delivered the malicious downloader Trojan via the exploit.
The malicious exploit allows an attacker to specify a 'local' compiled help (CHM) file which is actually a redirect to a remote CHM file. Because CHM files are trusted, Internet Explorer allows them to be opened in the Local Computer Zone, thus bypassing the more restrictive Internet Security Zones. Once executed, the malicious CHM file downloads and runs an HTML file that then drops the Trojan.
Microsoft released a patch for the critical security flaw (MS04-013) on April 13, 2004. The vulnerability impacts any Windows operating system that has Outlook Express versions 5.5 SP2 through version 6 SP1 installed. Outlook Express does not need to be the default mail client for the flaw to be exploited, thus Windows users employing other mail clients such as Eudora, Pegasus, etc. are equally vulnerable.
To protect against this exploit, visit the Windows Update site and install any critical updates required for your system, in particular MS04-013. Additionally, make sure you know how to ferret out a fake link in email. Otherwise, you may wish to avoid clicking email links altogether unless you are certain as to their source.
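As an added illustration (not part of the original article), the Python sketch below automates two checks described above: spotting a link whose visible address differs from its real destination, and spotting an iframe that is hidden from the reader. The sample message, its domains and all function names are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that itself looks like a web address, e.g. "www.bank.example/login"
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def same_site(shown, real):
    """True if the real host is the shown host or one of its subdomains."""
    shown, real = (re.sub(r"^www\.", "", h) for h in (shown, real))
    return real == shown or real.endswith("." + shown)

class MailAudit(HTMLParser):
    """Collects deceptive links and hidden iframes from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = a.get("href") or "", []
        elif tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append(("hidden-iframe", a.get("src") or ""))

    def handle_data(self, data):
        if self._href is not None:          # only collect text inside <a>...</a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = HOSTLIKE.match("".join(self._text).strip())
        real = (urlparse(self._href).hostname or "").lower()
        if shown and real and not same_site(shown.group(1).lower(), real):
            self.findings.append(("link-mismatch", shown.group(1).lower(), real))
        self._href = None

def audit(html):
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message (reserved example domains and addresses only)
SAMPLE = """<p>Your account is suspended. Visit
<a href="http://198.51.100.7/login">https://www.bank.example/login</a> or read our
<a href="https://www.bank.example/help">help page</a>.</p>
<iframe src="http://cdn.invalid/a.htm" width="0" height="0"></iframe>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding is a reason to inspect the message, not proof of malice: legitimate mailers sometimes route links through tracking hosts, and not every hidden frame is hostile.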
