WSLabs Bulletins: New fake patch malicious code run ....

Posted: Mon Jul 09, 2007 10:33 am Post subject: WSLabs Bulletins:
New fake patch malicious code run

--------------------------------------------------------------------------------

----- Original Message -----
From: Websense Security Labs
To: gerald
Sent: Monday, July 09, 2007 10:18 AM
Subject: WSLabs, Malicious Websites / Malicious Code: New fake patch
malicious code run


Websense® Security Labs(TM) has received reports that a new email
campaign is spreading that attempts to lure users into downloading
malicious code. It appears that the same group that was behind
the widespread attacks of July 4th, which used greeting card lures to
spread, is behind this also. The July 4th greeting card run had more than
250 sites that were hosting a variety of malicious code. The websites
are also using the exact same JavaScript obfuscation technique and exploit
code as the greeting card run.

All emails use URLs that send users to an IP address that will
attempt to exploit the users if their browsers are vulnerable. If the
browser is not vulnerable the exploit code will not work; however, the
page will attempt to get the user to download a file called patch.exe by
displaying the message "If your download does not start in approximately
15 seconds click here to download".

The theme of the new email campaign is based around a new patch that
is available for users who may have been infected with a recent worm.

Subject lines we have seen so far are:

* Virus Detected!
* Trojan Alert!
* Worm Alert!
* Worm Activity Detected!

Assuming users are running vulnerable browsers, several files will be
downloaded and run on their machines and Trojan horses will be
installed. As in the July 4th greeting card attacks, there are several
versions of the code that are being uploaded by the attackers in order
to thwart detection.

Websense security customers are protected against connecting
to the websites hosting the malicious code.


For additional details and information on how to detect and prevent
this type of attack:
http://www.websensesecuritylabs.com/...hp?AlertID=786




_________________
*****BlueCollarPCNet Forum Owner*****
http://bluecollarpc.net/phpbb2/index.php
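
A mail-gateway check for the indicators the bulletin names (the four subject lines, links whose host is a raw IP address, and the patch.exe download), as an added example that is not part of the original post or Websense's own code. The function names and the sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Subject lines quoted in the bulletin, lower-cased for comparison.
LURE_SUBJECTS = {"virus detected!", "trojan alert!", "worm alert!",
                 "worm activity detected!"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def ip_literal_urls(text):
    """Return the URLs in text whose host is a raw IP address, not a name."""
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;)")  # drop sentence punctuation after the URL
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # named host, or a URL that does not parse
            continue
        hits.append(url)
    return hits

def is_patch_download(url):
    """True for a request for patch.exe served from an IP-literal host."""
    return bool(ip_literal_urls(url)) and \
        urlsplit(url).path.lower().rsplit("/", 1)[-1] == "patch.exe"

def score_message(raw):
    """Return which of the bulletin's indicators a raw RFC 5322 message matches."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if subject in LURE_SUBJECTS:
        reasons.append("subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and ip_literal_urls(body.get_content()):
        reasons.append("ip-url")
    return reasons

# Constructed sample messages (192.0.2.0/24 is a documentation range).
SAMPLE_LURE = ("From: alerts@example.com\nSubject: Worm Alert!\n"
               "Content-Type: text/plain\n\n"
               "A patch is available at http://192.0.2.45/.\n")
SAMPLE_BENIGN = ("From: it@example.com\nSubject: Weekly report\n"
                 "Content-Type: text/plain\n\n"
                 "See http://www.example.com/report\n")

if __name__ == "__main__":
    for raw in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(score_message(raw))
```

A message that matches both "subject" and "ip-url" is a strong candidate for quarantine; `is_patch_download` is meant for URLs taken from web proxy logs rather than from the mail itself.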