NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0230 Greeting Card Attacks:
A new round of greeting card spam that draws users to attack sites relies on a sophisticated multi-pronged, multi-exploit strike force to infect machines, security professionals said late today. Captured samples of the spam have all borne the same subject line -- "You've received a postcard from a family member!" -- and contain links to a malicious web site, where JavaScript determines whether the victim's browser has scripting enabled or turned off. If JavaScript is disabled, then they provide you a handy link to click on to exploit yourself, SANS Institute's Internet Storm Center (ISC) said. The greeting card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability, the second an attack on the popular WinZip compression utility and the third, dubbed "the Hail Mary" by ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October. ISC said several antivirus vendors had tentatively pegged the executable malware -- the file offered to users whose browsers have JavaScript disabled -- as a variation of the Storm Trojan, an aggressive piece of malware that has been hijacking computers to serve as attacker bots since early this year.
(ComputerWorld 28JUN07)
Last Modified: Sunday, 22-Jul-2007 08:46:52 EDT