copyright | disclaimer | privacy | contact

HOME   About AusCERT   Membership   Contact Us   PKI Services   Training   Publications   Sec. Bulletins   Conferences   News & Media   Services   Web Log   Site Map   Site Help   Member login Login »  Become a member »   Home » AusCERT N... » AU-2005.0012 -- AusCERT Update - "ePaymentSol.com" f...   AU-2005.0012 -- AusCERT Update - "ePaymentSol.com" fraudulent e-mails and malicious web site Date: 16 May 2005 References: AL-2005.011   Click here for printable version -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AusCERT Update AU-2005.0012 - "ePaymentSol.com" fraudulent e-mails and malicious web site 16 May 2005 AusCERT Update Summary ---------------------- Operating System: Windows Impact: Access Confidential Data Execute Arbitrary Code/Commands Access: Remote/Unauthenticated Ref: AL-2005.011 AusCERT has become aware of fraudulent e-mails circulating widely to Australian recipients relating to the "Infra-Pay" domain previously alerted on in AL-2005.011. The emails entice users to visit a malicious web site that ends up resolving to the same site(s) that the "Infra-Pay" emails currently resolve to. As before, this web site contains browser-based exploits which attempt to download and install a trojan specifically designed to capture credentials used to access secure websites and e-mail accounts. AusCERT has seen several different types of email messages, but all attempt to entice the reader to epaymentsol.com. Subjects of the emails may look like "Transfer Receipt Reminder" or "Claim Cash Reminder". For mitigation strategies please refer to: AL-2005.011 -- AUSCERT ALERT "Infra-Pay" fraudulent e-mails and malicious web site http://www.auscert.org.au/render.html?it=5068 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQof+LSh9+71yA2DNAQJI8AP+JGFwhdiZ2/3r7himYcmIo9WJKNzBVQni fPeFPDe2HS5IoWhhYoyPGve8xaukNp5fzDXOmTSVGEDQyG+ahqCXLSvk4aE6/xWU B7uBWzL9k/60DZaroR+eIKnMS1IV2F3fgZpkva98yV/VibpGs1DrktwsWzQDQiiR TWrlIwtm9k0= =/LkA -----END PGP SIGNATURE-----

Comments? Click here http://www.auscert.org.au/render.html?cid=2998&it=5095