[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] New Social Engineering for MS03-32
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] New Social Engineering for MS03-32
- From: "Michael Tighe" <mtighe@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 29 Sep 2003 10:52:06 -0400
I got "interesting" email this weekend. Someone is
suggesting that I go to their site to send an email
greeting card to someone and use that to SPY on them:
"Spy on Anyone by sending them an Email-Greeting Card!
Spy Software records their emails, Hotmail, Yahoo,
Outlook, ACTUAL Computer Passwords, Chats, Keystrokes,
PLUS MORE..
Check up on your SPOUSE, KIDS, or EMPLOYEES!
Follow This Link To Begin... "
This has two layers of social engineering: one, it causes
you to click on a link. If you've not got a completely
good patch (or not immune to) the MS IE ObjectTag bug
(http://www.microsoft.com/technet/security/bulletin/MS03-032.asp),
then you can catch something.
But even if they are offering a valid service, it looks
like what they are doing is capitalizing on the fact that
your "anyone" isn't patched either - because by getting them
to open your greeting card, you can use MS03-32 to install
spyware.
Yeesh!
PS: the URL in my email appears to be
http://www.goohle.us/index.php?afil=1025
Your mileage may vary. I liked that the DOMAIN name was
"goohle" rather than "google". I almost didn't notice
the misspelling. A preliminary look suggests that
"goohle" is used as a keyword for pictures and websites
of a specific sort.
-- Michael Tighe
email: tighe@xxxxxxxxxxxxxxxxxxxx
phone: 781-676-6700
MSN Messenger: tighe@xxxxxxxxxxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html