Flickr targeted in new-style social phish/trojan attack
viruses, posted: 1-NOV-2006 15:05
My MSN account had a peculiar-looking message in it recently:

I don't have a photo on Flickr so I assumed this was some sort of "click me and get h4x3d" type of email - and indeed it was.
The link went (still goes as of writing this) to a compromised server in Norway that's hosting a copy of a Flickr page belonging to a real user on that site. When you land on the compromised site, IE7 asks if you want to allow it to run "outlook.exe". I didn't allow it to do this though. :)
I'm not sure what exactly would've happened if I had allowed the site to run outlook.exe - next time I checked, the account on a server in Russia that the attacker used had been suspended, so nothing happened. Perhaps the attacker tried to plant stuff on your machine from the server in Russia, or was simply firing up Outlook to do a quick spam run. There's nothing now in the HTML on the site that shows what the intention was, although the spammer left some code pointing to a stats counter...
Either way, this could be the beginning of "social phishing", I think.