Home page logo

bugtraq logo Bugtraq mailing list archives

Re: AIM Password theft
From: "Eric Joe" <sysop () tje1 com>
Date: Wed, 24 Sep 2003 11:42:17 -0400 (EDT)


I received a SPAM message that does exactly as you described. Here is the
message text
You have a secret admirer
Find out who below

If you want further information from me directly,
we can have a private meeting


I also found an .exe file on my desktop.

Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc

      The code you just sent looks familiar to a SPAM I received
attempting to hijack users' e-gold accounts.  Out of curiosity I
followed that link which loaded start.html (attached).  What worries me
is that I'm running IE 6.0.2800.1106 with all the latest patches from
Microsoft and this page (start.html) rewrote wmplayer.exe on my local
drive without notice.  After closing the page, I found two .exe files
on my desktop (which loaded from
http://doz.linux162.onway.net/eg/1.exe). Is this a new unknown

Brent Meshier
Global Transport Logistics, Inc.
"Innovative Fulfillment Solutions"

-----Original Message-----
From: Mark Coleman [mailto:markc () uniontown com]
Sent: Tuesday, September 23, 2003 11:43 AM
To: bugtraq () securityfocus org
Subject: [Fwd: Re: AIM Password theft]

Hi, can anyone shed some light on this for me?  If this is new, its
going to spread like wildfire.  AOL or incidents lists have yet to
reply....  it appears to be a legitimate threat as I have at least one
user "infected" already..  Thank you..

-Mark Coleman

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]