Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

E-Mail Hoaxing Dell Online Store Installs Malicious Code

A fraudulent e-mail campaign has started in Australia, according to reports coming to Websense Security Labs. The Australia-CERT has reported that the e-mail is a hoax from the Dell online store that lures users to visit a malicious website.

The e-mail talks about charging the users for purchasing a camera and urges the recipient to visit a site where the person can view his/her profile. The site encodes the recipient's code using a JavaScript.

On decoding the hoax e-mail, eight different IFRAMES emerge. These try to load exploit code while also downloading and installing other malicious code. Even the site seems to go up and down in scattered instances.

Spoof e-mails have a common characteristic i.e., they reference a fraudulent e-mail address like info@care.com or customerservice@dell.com. Dell assures users the order references that the hoax e-mails describe are not authentic and that the company hasn't charged for any such non-existent order.

Gareth Davies, territory manager at Websense A/NZ, said that as soon as the user enters onto the link, it installs a malicious Trojan program, which searches random numbers like bank account numbers.

The attack appears to originate from Dell, UK but it seems to have started in Australia. The IP address is testimony that the attacker was successful in using it previously, said Davies. Crn.com published this as news on May 18, 2007.

According to Mathew McGlashan, group leader of coordination center at Aus-CERT (Australia Computer Emergency Response Team), the scam was widespread and t the IP address had been targeting Australians in an earlier attack.

In the past, the IP address also appeared with the subject head "Sexy lady looking for some fun in Australia" in which Vicky Hatchetson seeks to enjoy some time, according to the news reported by Crn.com on May 18, 2007.

The Aus-CERT notes that since the attack encodes the JavaScript, IDS systems could fail to detect and stop it. However, stopping the IP address 147.202.42.249 at the gateway entrance can safeguard users. Another option is to block pop-ups in the doubtful areas in the browser. Finally, not entering onto links in undesirable e-mails is a basic protection.

Related article: E-Crime Reporting Format To Be Launched in July

ยป SPAMfighter News - 23-05-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next