new egold phisher - this time it's a malware executable
sunder at sunder.net
Sat Jan 22 09:10:59 PST 2005
Got another one today with a RAR attachment claiming it was a screen
shot. Text is:
Yesterday you have arrived the amount of $1000 into my account. Of
course, I do not object, but you probably were mistaken number of the
account when transferred, and it happens not first time. Please look an
attached screenshot of all your transfers into my account. I have no
idea why you transfer money to me, as I do not know you, and I need no
money. If you were mistaken, I'll return this money to you!
Nice... what's next? an egold transfer from a lawyer claiming a long
lost uncle kicked the bucket and left me a fortune? :-D
> So, the e-gold phishers are at it again... received a very nice email
> this morning with an attachment. The Received-From header showed this
> beauty: "from 126.96.36.199
> (dwwsaviej at cable-214-184.hszob.fibernet.bacs-net.hu [188.8.131.52]
> (may be forged))"
> Don't know if it's a trojan, spyware, virus, or worm, and I couldn't
> care less since I don't use egold, but would be interesting (just for
> curiosity's sake) if someone were to disassemble it to see what it does.
> It's probably a password grabber of some kind, so falls under spyware,
> but who knows what other evil payloads were in the attachment.
> Text said:
> Dear E-gold Customer,
> Herewith we strongly recommend you to install this Service Pack to your
> PC, as lately we have received a lot of complains regarding unauthorized
> cash withdrawals from our customers' accounts. This upgrade blocks all
> currently known Trojan modules and eliminates the possibility of cash
> withdrawals without your authorization. We highly recommend to install
> this Service Pack to secure your accounts.
> Please note, that E-gold doesn't take any responsibility and doesn't
> accept any claims regarding losses caused by fraudulent actions, if your
> account has not been duly protected by the present Service Pack.
> Please find enclosed the archive of the Service Pack installation file
> in the attachment to this message.
More information about the cypherpunks-legacy