New aggressive virus
From Counterpane:
bq. On Thursday November 13, 2003 Counterpane was made aware of a new malicious email downloader in the wild.
bq. The email arrives as an e-card from 123greetings.com with the following header information:
bq. User's name : An Admirer
Email Address : sweet_dreams@yahoo.com
bq. The body of the email instructs users to visit a URL that actually redirects to:
bq. http:// www. idownline. com/ members/ idownline
bq. The spaces are inserted to prevent parsing by email programs while reading this notice.
bq. If users go to the link in the email, the page spawns another connection to a second web page that then loads three other HTML files:
bq. - SPY.HTM
- S.HTM
- IN.HTM
bq. The files use an ADODB.Stream exploit to download and overwrite additional system files (notepad.exe) which result in the downloading of the Trojan.Naldem.
Be careful with this - you don't need to actually open an attachment, just visit that web site. Treat ALL eCards with suspicion...
Posted by DaveH at November 19, 2003 3:22 PM