new egold phisher - this time it's a malware executable
sunder
sunder at sunder.net
Fri Jan 21 10:23:36 PST 2005
So, the e-gold phishers are at it again... received a very nice email
this morning with an attachment. The Received-From header showed this
beauty: "from 195.56.214.184
(dwwsaviej at cable-214-184.hszob.fibernet.bacs-net.hu [195.56.214.184]
(may be forged))"
Indeed!
Don't know if it's a trojan, spyware, virus, or worm, and I couldn't
care less since I don't use egold, but would be interesting (just for
curiosity's sake) if someone were to disassemble it to see what it does.
It's probably a password grabber of some kind, so falls under spyware,
but who knows what other evil payloads were in the attachment.
ROTFL!
-------------------------------------------------------------------------
Text said:
Dear E-gold Customer,
Herewith we strongly recommend you to install this Service Pack to your
PC, as lately we have received a lot of complains regarding unauthorized
cash withdrawals from our customers' accounts. This upgrade blocks all
currently known Trojan modules and eliminates the possibility of cash
withdrawals without your authorization. We highly recommend to install
this Service Pack to secure your accounts.
Please note, that E-gold doesn't take any responsibility and doesn't
accept any claims regarding losses caused by fraudulent actions, if your
account has not been duly protected by the present Service Pack.
Please find enclosed the archive of the Service Pack installation file
in the attachment to this message.