[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Orkut exploit

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Orkut exploit
From: "Ademar Gonzalez" <ademar.gonzalez@xxxxxxxxx>
Date: Wed, 28 Jun 2006 12:07:24 -0400

Don't know if you guys have seen this. Just got it in my gmail
account, it tries to execute the file scrapbook.exe from :

http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe

Karpesky says is Trojan-Spy.Win32.Banker.anv

attached is the original emai.

ciao ciao

ademar

                                                                                
                                                                                
                                                                                
               
Received-SPF: neutral (gmail.com: 200.21.86.226 is neither permitted nor denied 
by best guess record for domain of nobody@xxxxxxxxxxx)
Received: by michelangel.idsn.gov.co (Postfix, from userid 99)
        id EBAC317DC4; Wed, 28 Jun 2006 09:31:23 -0500 (COT)
To: ademar.gonzalez@xxxxxxxxx
Subject: Karina Lima deixou um recado para voce!
X-Message-Status: s1:0
X-SID-PRA: Karina Lima <no-reply@xxxxxxxxx>
X-SID-Result: TempError
Errors-To: no-reply@xxxxxxxxx
From: Karina Lima <no-reply@xxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-encoding: 8bit
Reply-To: Karina Lima <no-reply@xxxxxxxxx>
Message-ID: <813b8c66f3c6555d06885de863df4b00@>
Conversion-With-Loss: Yes
Sensitivity: 3
Expiry-Date: Never
X-Priority: 3
X-MSmail-Priority: High
X-Originating-Email: [Karina Lima]
X-Originating-IP: [200.201.120.121]
X-iGspam-global: Unsure, spamicity=0.748491 - pe=7.48e-01 - pf=0.748491 - 
pg=0.748491
X-oemPro-CSID: MjgxXzI3NA==
X-oemPro-MsgId: YWRlbWFyLmdvbnphbGV6QGdtYWlsLmNvbQ0=
Date: Wed, 28 Jun 2006 09:31:23 -0500 (COT)

<table cellSpacing="8" cellPadding="0" width="100%" align="center" border="0" 
nowrap>

  <tbody>

    <tr>

      <td>

        <div>

          <div style="BACKGROUND-COLOR: #d4dded">

            <p> </p>

            <p> </p>

            <table id="AutoNumber1" style="BORDER-COLLAPSE: collapse" 
borderColor="#0000ff" cellSpacing="0" cellPadding="0" width="92%" 
bgColor="#ffffff" border="0">

              <tbody>

                <tr>

                  <td width="64%">

                    <p align="left"><span id="ws"> </span></p>

                    <p align="left">Olá,<br>

                    <br>

                    Karina Lima deixou um recado para você.<br>

                    <br>

                    Para ver o perfil de Karina, clique em:<br>

                    <a 
href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe";>http://www.orkut.com/Profile.aspx?uid=15566759696860888154</a><br>

                    <br>

                    Para ler o novo recado, visite o orkut.<br>

                    <br>

                    <a 
href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe";>http://www.orkut.com/Scrapbook.aspx</a><br>

                    <br>

                    <br>

                    * * *<br>

                    <br>

                    Para controlar os emails de notificação, acesse suas

                    Configurações de conta:<br>

                    <br>

                    <a 
href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe";>http://www.orkut.com/Settings.aspx</a><br>

                    <br>

                    Se você não for usuário do orkut e quiser impedir que 
usuários

                    do orkut lhe enviem<br>

                    e-mails, visite:<br>

                    <br>

                    <a 
href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe";>http://www.orkut.com/Block.aspx</a><br>

                    <span id="ws"><br>

                     </span></p>

                  </td>

                  <td width="36%"><span id="ws1"><a 
href="javascript:ol('http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe');"><img
 alt="Orkut" src="https://www.orkut.com/img/i_o.gif"; border="0" width="58" 
height="20"></a></span><br>

                    <span id="ws0"><a 
href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe";><img 
title="quem você conhece?" alt="quem você conhece?" 
src="https://www.orkut.com/img/pt-BR/wdyk.jpg"; border="0" width="240" 
height="136"></a></span></td>

                </tr>

              </tbody>

            </table>

            <p><br>

             </p>

            <table cellSpacing="0" cellPadding="0" width="100%">

              <tbody>

                <tr>

                  <td class="I" style="BACKGROUND-REPEAT: repeat-x" 
vAlign="top" background="https://www.orkut.com/img/tr1.gif"; rowSpan="2">serviço

                    filiado ao Google</td>

                </tr>

              </tbody>

            </table>

          </div>

        </div>

      </td>

    </tr>

  </tbody>

</table>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Orkut exploit
  - From: nocfed

Prev by Date: Re: [Full-disclosure] Breaking Passwords
Next by Date: [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System
Previous by thread: Re: [Full-disclosure] thc.org
Next by thread: Re: [Full-disclosure] Orkut exploit
Index(es):
- Date
- Thread