HTML/Javascript attached emails

[Kymmy]

Just a word of warning guys, there's aquite a few emails going around with a HTML attachment which contains some nice little javascript that will probably either bypass your firewall or give them all of your details.

I've had two types atm

First one is

Quote:

Hey there.

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Yours,
Facebook=


facebook_newpass.html

and the second (since deleted) was from my email administrator telling me that my account had been accessed by a thrid party and could I follow the link to reset the password (really weird that one as I only use my own domains and I fully administrate it myself) but I can see a few people getting caught.

So watch out guys as these files are NOT being caught by any virus checkers atm.

[Raistlin]

Don't suppose you've still got the attachment or the script by any chance?

[Kymmy]

Yep, will zip and send to you

[Raistlin]

Thx, I'll PM you a different email address - slightly safer one

[Kymmy]

Oh, too late, it's gone to your registered address.. It's quite safe and RAR'd up

[Raistlin]

Ok, thanks

[Kymmy]

Just found out more info on it, turns out it's just a simple compessed script with a redirect to a pharmasutical spam site

http://translate.google.co.uk/transl...lab.com%2Fasec

Link to Korean blog where they've investigated the script (through google translate)

Either way you just know the destination site has got the full spyware/adware packages on it

[Raistlin]

Yup.

Just done some playing with the script myself, it's pretty simple as you say - I went to that site very carefully, I didn't do any real poking around but as you say I'm sure it will be full of all sorts of nasty crap.

[Kymmy]

I wonder what else they'll try next ??

[Kymmy]

Norton, Microsoft, AVG and a few others are now starting to catch this javascript redirector Just got a new one from PayPaI.com (yes paypai and not paypal )

[Matty_]

On a slightly different note also be aware that quite a few Java exploits are going around in the wild, some from legit websites, blogs, etc.

I know there are a lot of Java based apps out there but if you don`t really use/need it, is it worth having it installed seen as the bad guys seem to be targeting it more often (plus Sun/Oracle`s dire security patching)

At the very least if your a 32Bit user you could use sandboxie thus mitigating the risk.

Some debate here http://krebsonsecurity.com/2010/06/d...-java-junk-it/