|
|
Father's Day Email Follow-up |
|
Date: 18 September 2007 Original URL: http://www.auscert.org.au/render.html?cid=7066&it=8093 Two more small runs have been seen since the initial alert was raised on 12 September 2007. We saw one on the 14th September and the other on the 17th September. We only saw three new sites in total across the two runs. The sites included in the emails include the following. (URLs modified to prevent accidentally visiting the malicious pages): hxxp :// cemoffice,com / fatherday,html hxxp :// generationd,us / fatherday,html These both link to the exploit site hxxp :// www,xstepstech,com /sp/ So far, the only subject line is: Happy Father's Day Here is an example of the email body. --- BEGIN EMAIL BODY TEXT --- Hello, auscert@auscert.org.au!!! Happy Father's Day. You're The Greatest hxxp :// generationd,us / fatherday,html For all the times you were there reminding me that life and friends are wonderful. Thank You --- END EMAIL BODY TEXT --- If you have any of these emails we would be keen to see the ones with new websites other than those above. Best Regards Zane |