E-Mail Hoaxing Dell Online Store Installs Malicious Code
A fraudulent e-mail campaign has started in Australia, according to reports coming to Websense Security Labs. The Australia-CERT has reported that the e-mail is a hoax from the Dell online store that lures users to visit a malicious website.
On decoding the hoax e-mail, eight different IFRAMES emerge. These try to load exploit code while also downloading and installing other malicious code. Even the site seems to go up and down in scattered instances.
Spoof e-mails have a common characteristic i.e., they reference a fraudulent e-mail address like firstname.lastname@example.org or email@example.com. Dell assures users the order references that the hoax e-mails describe are not authentic and that the company hasn't charged for any such non-existent order.
Gareth Davies, territory manager at Websense A/NZ, said that as soon as the user enters onto the link, it installs a malicious Trojan program, which searches random numbers like bank account numbers.
The attack appears to originate from Dell, UK but it seems to have started in Australia. The IP address is testimony that the attacker was successful in using it previously, said Davies. Crn.com published this as news on May 18, 2007.
According to Mathew McGlashan, group leader of coordination center at Aus-CERT (Australia Computer Emergency Response Team), the scam was widespread and t the IP address had been targeting Australians in an earlier attack.
In the past, the IP address also appeared with the subject head "Sexy lady looking for some fun in Australia" in which Vicky Hatchetson seeks to enjoy some time, according to the news reported by Crn.com on May 18, 2007.
Related article: E-Crime Reporting Format To Be Launched in July
» SPAMfighter News - 23-05-2007