uggabugga
   HOME    RSS  | .



Monday, February 13, 2006

Received an e-mail today:

Got past a server spam-catcher. Got past Norton A/V.
TITLE: You've received a greeting from a family member!

CONTENT (partial): You have just received a virtual postcard from a family member!

You can pick up your postcard at the following web address:

http://www2.postcards.org/?a91-valets-cloud-31337

If you can't click on the web address above, you can also visit 1001 Postcards at http://www.postcards.org/postcards/ and enter your pickup code, which is: a91-valets-cloud-mad
The link is not to postcards.org, but is in fact, an executable: http://64.136.56.162/~ken/postcard.gif.exe

What's up at IP address 64.136.56.162 ? It's where InstaJob, Inc. resides , and yes, the executable is there right now (just downloaded it).

What is postcard.gif.exe? It's a trojan of some sort (net abuse message boards are not uniform on exactly which one it is). Postcards1001 are very unhappy about this, which has been going on for over a year (with different websites being the location of the executable).

It's unclear what role instajob.net is playing here. Their site may have been hacked.

Be on the alert for this sort of stuff around Valentine's day.


posted by Quiddity at 2/13/2006 02:28:00 PM

2 comments

Be on the alert for this sort of stuff around Valentine's day.

If you're using a Windows PC.

If not, carry on.

By Blogger Lettuce, at 2/13/2006 8:26 PM  

The subject of spam came up at a meeting this morning, and it occurred to me: Seein' as they're reading it all anyways, why don't the good folks at the NSA just block all our spam? Now that's a federal program I could get behind!

By Blogger Carl, at 2/13/2006 9:05 PM  

Post a Comment

HOME

This page is powered by Blogger. Isn't yours?