new egold phisher - this time it's a malware executable

sunder sunder at sunder.net
Sat Jan 22 09:10:59 PST 2005


Got another one today with a RAR attachment claiming it was a screen 
shot.  Text is:

Dear Sir
Yesterday you have arrived the amount of $1000 into my account. Of 
course, I do not object, but you probably were mistaken number of the 
account when transferred, and it happens not first time. Please look an 
attached screenshot of all your transfers into my account. I have no 
idea why you transfer money to me, as I do not know you, and I need no 
money. If you were mistaken, I'll return this money to you!
Sincerely.

Nice... what's next?  An egold transfer from a lawyer claiming a long 
lost uncle kicked the bucket and left me a fortune? :-D

Wheee!


sunder wrote:
> So, the e-gold phishers are at it again... received a very nice email 
> this morning with an attachment.  The Received-From header showed this 
> beauty: "from 195.56.214.184 
> (dwwsaviej at cable-214-184.hszob.fibernet.bacs-net.hu [195.56.214.184] 
> (may be forged))"
> 
> Indeed!
> 
> Don't know if it's a trojan, spyware, virus, or worm, and I couldn't 
> care less since I don't use egold, but would be interesting (just for 
> curiosity's sake) if someone were to disassemble it to see what it does. 
>  It's probably a password grabber of some kind, so falls under spyware, 
> but who knows what other evil payloads were in the attachment.
> 
> ROTFL!
> 
> -------------------------------------------------------------------------
> Text said:
> 
> Dear E-gold Customer,
> 
> Herewith we strongly recommend you to install this Service Pack to your 
> PC, as lately we have received a lot of complains regarding unauthorized 
> cash withdrawals from our customers' accounts. This upgrade blocks all 
> currently known Trojan modules and eliminates the possibility of cash 
> withdrawals without your authorization. We highly recommend to install 
> this Service Pack to secure your accounts.
> Please note, that E-gold doesn't take any responsibility and doesn't 
> accept any claims regarding losses caused by fraudulent actions, if your 
> account has not been duly protected by the present Service Pack.
> 
> Please find enclosed the archive of the Service Pack installation file 
> in the attachment to this message.




