Contrary to what your email says, Osama hasn't been captured..
Results 1 to 7 of 7

Thread: Contrary to what your email says, Osama hasn't been captured..

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Contrary to what your email says, Osama hasn't been captured..

    Damn virus writers. This is going to fill my email box for days as schmucks open this in hopes of hearing about it first hand that Osama has been captured.

    Source:Internet.com

    Those "Osama Bin Laden Captured" e-mails hammering your in-box today will attempt to download a Trojan if the embedded URL is clicked, anti-virus experts warned Friday.

    Glendale, Calif.-based Panda Software said the URL embedded in the e-mail directs users to what appears to be an advertising page before exploiting a known security vulnerability in Microsoft's Internet Explorer (IE) browser to download the trojan.

    The fake news item, purporting to come from CNN or the BBC and promising photographs and video of Bin Laden's capture, first appeared on instant messaging networks earlier this month. According to security analysts, it is yet another use of social engineering tactics by spammers to direct traffic to Web sites.

    The "Osama Bin Laden Captured" hoax includes following message text:

    "Hey, Just got this from CNN, Osama Bin Laden has been captured! Go to the link below to view the pics and to download the video if you so wish: (Internet address) "Murderous coward he is." God bless America!"

    If the link is activated via IE, the browser auto-executes a file called "EXPLOIT.EXE" and downloads an executable trojan, identified as "Trj/Small.B."

    The "Small.B" trojan opens ports on an infected machine and can be used to hijack PCs for use as spam zombies. The trojan has the ability to listen on the open port for instructions and redirects traffic to other IP addresses.

    "Spammers and hackers can take advantage of compromised systems by using the infected computer as a middleman, allowing them to pass information through it and remain anonymous," according to information provided by McAfee Security.

    A spokesperson for anti-virus firm Sophos told internetnews.com the malicious trojan will only affect users using an unpatched IE browser. Microsoft has issued cumulative patches the IE browser to plug known vulnerabilities. The latest updates for Internet Explorer are available here.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Happy Happy, Joy Joy..

    Now to start searching to see which ports it opens and to cross my fingers that they aren't random. If anyone stumbles across the information, i'd greatly appreciated it if you fired it my way. With all the idiot students in res, I know they're going to be getting it and forwarding it.

    *cries and hides under the desk*

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    I just checked all my emails....plenty of spam but no Osama. I'll get back to you as soon as I catch one.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ahhhhh...... And I just told my users a month ago that there was no attachment they _can't_ click on safely..... Most of my machines autoupdate from the SUS server.... But some don't yet.... another pain in the place I hate pains..... <sigh>
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    HT:

    Once on the user's machine, the Trojan opens a random port and sends the port information to a remote Web server. It then listens on that port for instructions. The Trojan can be used for sending spam, according to McAfee Security, a unit of Network Associates Inc., in Santa Clara, Calif.

    http://www.eweek.com/article2/0,1759,1572632,00.asp

    BTW the trojen isnt placed useing an attachment but rather is downloaded and run using a vuln in ie when they click on the link. if your patches are up to date on all the user's machnies you should be ok
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Tedob1
    HT:

    Once on the user's machine, the Trojan opens a random port and sends the port information to a remote Web server. It then listens on that port for instructions. The Trojan can be used for sending spam, according to McAfee Security, a unit of Network Associates Inc., in Santa Clara, Calif.

    http://www.eweek.com/article2/0,1759,1572632,00.asp

    BTW the trojen isnt placed useing an attachment but rather is downloaded and run using a vuln in ie. if your patches are up to date on all the users machnies you should be ok
    Damnit, thanks Tedob1... guess I won't be scanning to identify that one, thankfully the colleges firewall and NAT should be enough to keep everyone out, just have to worry about malicious students inside the network.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Got one....

    It contains the following text:-

    Just got this from CNN Osama Bin Laden has just been captured! A video and some pictures have been released. Goto the link below for pictures, I will update the page with the video as soon as I can:
    http://XXX.XX.XXX.54/pics/ God Bless America!
    Interestingly enough something along this "nasty's" travels stripped away the HTML leaving only the text which was handy since the lady receiving it had the preview pane open and since she "belongs" to a sister company I am unsure of their patch level.

    I blanked out the IP address because it is still live so I really don't want the skiddies getting themselves a copy of the trojan itself.... PM me if you want the address and if I think you are a fine upstanding young man, or a really cute gal, I'll forward you the IP.... Don't be offended if I politely refuse your request.... I'm a suspicious old fart...... Be offended if the reply contains only "Bwahahahahahahahaha"......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides