Don't open that e-card!!!
SANS is just now getting around to telling us the details behind a new wave of phishing e-mails, the first of which I got last Saturday after I'd finished sending out last week's news to you. At that time I tried to grab a copy of whatever it was that my "family member" had sent me - using a "safe" method on a sacrificial system I have - mostly because I was bored at the time and looking for something to do for an hour. The grab attempt didn't work because my system could not get DNS to figure out the domain's IP address - either it had been forced offline due to somebody else finding out what was going on, or maybe it was just hugely busy because of the number of people fooled by this attack - who knows.
Anyway, I forgot about it for the time being - but got another one on Tuesday - same thing, no way could I get anything back from the site it pointed at.
SANS seems to have been more successful. The attack will try to use JavaScript to infect your machine (you are using Firefox and did install the NoScript plugin, didn't you?) but if you have JavaScript turned off, it presents you with a handy link you can click on to help it infect your machine.
The point is that I've been writing about e-greeting card systems as being a bad idea from day 1. Only if you are satisfied that the company behind such a scheme is legitimate and you know they have done a good job of keeping nasty stuff out of their systems should you even think about either using one of these systems or opening something purporting to come from one. The list that I'll open is VERY short - and I don't open any until I have confirmation directly from the "sender" that they really intended to send me something.
I'll note here that the "payload" of this phishing attempt is unrecognized by most of the anti-virus engines that SANS tested it against.
For those of you following the saga of my "home grow-op inspection" I've written a follow-up "open letter". The local newspaper wants me to edit the size down before they'll publish it in their letters area. I hoped they'd put it in as an op-ed but such is life. Anyway, it is here for you to read.
http://blog.pacdat.net/article.php/20070624235606151


