Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Security & Virus Discussion (https://www.cableforum.uk/board/forumdisplay.php?f=38)
-   -   HTML/Javascript attached emails (https://www.cableforum.uk/board/showthread.php?t=33666251)

Kymmy 15-06-2010 10:18
HTML/Javascript attached emails
 
Just a word of warning guys, there's aquite a few emails going around with a HTML attachment which contains some nice little javascript that will probably either bypass your firewall or give them all of your details.

I've had two types atm

First one is

Quote:
Hey there.

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Yours,
Facebook=


facebook_newpass.html
and the second (since deleted) was from my email administrator telling me that my account had been accessed by a thrid party and could I follow the link to reset the password (really weird that one as I only use my own domains and I fully administrate it myself) but I can see a few people getting caught.

So watch out guys as these files are NOT being caught by any virus checkers atm.

Raistlin 15-06-2010 10:48
Re: HTML/Javascript attached emails
 
Don't suppose you've still got the attachment or the script by any chance?

Kymmy 15-06-2010 10:49
Re: HTML/Javascript attached emails
 
Yep, will zip and send to you

Raistlin 15-06-2010 10:50
Re: HTML/Javascript attached emails
 
Thx, I'll PM you a different email address - slightly safer one :D

Kymmy 15-06-2010 10:53
Re: HTML/Javascript attached emails
 
Oh, too late, it's gone to your registered address.. It's quite safe and RAR'd up

Raistlin 15-06-2010 10:58
Re: HTML/Javascript attached emails
 
Ok, thanks :)

Kymmy 15-06-2010 11:00
Re: HTML/Javascript attached emails
 
Just found out more info on it, turns out it's just a simple compessed script with a redirect to a pharmasutical spam site

http://translate.google.co.uk/transl...lab.com%2Fasec

Link to Korean blog where they've investigated the script (through google translate)

Either way you just know the destination site has got the full spyware/adware packages on it :(

Raistlin 15-06-2010 11:14
Re: HTML/Javascript attached emails
 
Yup.

Just done some playing with the script myself, it's pretty simple as you say - I went to that site very carefully, I didn't do any real poking around but as you say I'm sure it will be full of all sorts of nasty crap.

Kymmy 15-06-2010 11:16
Re: HTML/Javascript attached emails
 
I wonder what else they'll try next ?? :(

Kymmy 22-06-2010 11:42
Re: HTML/Javascript attached emails
 
Norton, Microsoft, AVG and a few others are now starting to catch this javascript redirector :tu: Just got a new one from PayPaI.com (yes paypai and not paypal :D )

Matty_ 22-06-2010 18:32
Re: HTML/Javascript attached emails
 
On a slightly different note also be aware that quite a few Java exploits are going around in the wild, some from legit websites, blogs, etc.

I know there are a lot of Java based apps out there but if you don`t really use/need it, is it worth having it installed seen as the bad guys seem to be targeting it more often (plus Sun/Oracle`s dire security patching)

At the very least if your a 32Bit user you could use sandboxie thus mitigating the risk.

Some debate here http://krebsonsecurity.com/2010/06/d...-java-junk-it/


All times are GMT +1. The time now is 10:17.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum