Australia's Leading Computer Emergency Response Team

Delivering Bad Packages
Date: 25 July 2008
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9634


Greetings,

We saw another trojan mail run this week (amongst all the Storm messages and such). You may have seen a few of them claiming to be from the UPS delivery service with a form to collect your 'undelivered package'. A form that had a .exe extension. And was packed in a zip file....

By now, a zipped executable in an unexpected email from a company you have had no prior dealings with should be considered a little suspicious. Despite that, we received a surprising number of reports of people going out of their way to open the 'form' anyway.

Along with an increasing torrent of malicious spam, DNS continues to be an issue. Details of the problem with almost all existing DNS servers have been released, so it's probably a good idea to check that your DNS is AOK.

One thing to note is that if you (or someone else) have used the unmodified Metasploit DNS module to test your DNS, you might want to check for any records with the IP 1.3.3.7 in your cache and remove them.

Regards,
MDB
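
One way to carry out the cache check for 1.3.3.7 mentioned above, as an added example that is not AusCERT's own code. It assumes a BIND resolver and a text cache dump of the kind `rndc dumpdb -cache` writes; the sample dump, host names and function names are constructed for illustration.

```python
MARKER_IP = "1.3.3.7"  # address named in the post above
CLASSES = {"IN", "CH", "HS"}

# Constructed sample in the layout of a BIND text cache dump (not real data).
SAMPLE_DUMP = """\
; constructed cache dump
$DATE 20080725000000
www.example.com.     3400   IN A   192.0.2.10
abc123.example.net.  86000  IN A   1.3.3.7
ns.example.net.      86000  NS     ns1.example.net.
                     86000  A      1.3.3.7
mail.example.org.    120    A      11.3.3.70
note.example.org.    120    TXT    "tested from 1.3.3.7"
"""


def find_marker_records(dump_text, marker=MARKER_IP):
    """Return sorted owner names holding an A record exactly equal to marker."""
    hits, owner = set(), None
    for raw in dump_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # strip comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue  # blank line or $DATE/$ORIGIN directive
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0)  # a line starting in column 0 names a new owner
        # Indented lines inherit the previous owner. Skip optional TTL and class.
        if fields and fields[0].isdigit():
            fields.pop(0)
        if fields and fields[0].upper() in CLASSES:
            fields.pop(0)
        # Compare type and rdata as whole fields so 11.3.3.70 or TXT text never match.
        if owner and len(fields) == 2 and fields[0].upper() == "A" and fields[1] == marker:
            hits.add(owner)
    return sorted(hits)


def flush_commands(names):
    """Build one 'rndc flushname' command per flagged owner name (BIND assumed)."""
    return ["rndc flushname " + name for name in names]


if __name__ == "__main__":
    for command in flush_commands(find_marker_records(SAMPLE_DUMP)):
        print(command)
```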