
E-Mail Hoaxing Dell Online Store Installs Malicious Code

A fraudulent e-mail campaign has started in Australia, according to reports received by Websense Security Labs. The Australia-CERT has reported that the e-mail is a hoax that claims to come from the Dell online store and lures users to a malicious website.

The e-mail claims that the recipient has been charged for the purchase of a camera and urges him or her to visit a site to view his or her profile. The site's code is encoded using JavaScript.

Decoding the hoax e-mail reveals eight different IFRAMEs. These try to load exploit code while also downloading and installing other malicious code. The site itself also seems to go up and down intermittently.

The spoof e-mails share a common characteristic: they reference a fraudulent e-mail address such as info@care.com or customerservice@dell.com. Dell assures users that the order references in the hoax e-mails are not authentic and that the company has not charged anyone for any such non-existent order.

Gareth Davies, territory manager at Websense A/NZ, said that as soon as the user follows the link, it installs a malicious Trojan program, which searches for random numbers like bank account numbers.

The attack appears to originate from Dell, UK, but it seems to have started in Australia. The IP address is evidence that the attacker had used it successfully before, said Davies, as Crn.com reported on May 18, 2007.

According to Mathew McGlashan, group leader of the coordination center at Aus-CERT (Australia Computer Emergency Response Team), the scam was widespread and the IP address had been targeting Australians in an earlier attack.

In the past, the IP address also appeared in e-mails with the subject line "Sexy lady looking for some fun in Australia", in which Vicky Hatchetson seeks to enjoy some time, according to the news reported by Crn.com on May 18, 2007.

The Aus-CERT notes that because the attack encodes the JavaScript, IDS systems could fail to detect and stop it. However, blocking the IP address 147.202.42.249 at the gateway can safeguard users. Another option is to block pop-ups in the doubtful areas in the browser. Finally, not following links in unwanted e-mails is a basic protection.


» SPAMfighter News - 5/23/2007
