Flickr targetted in new-style social phish/trojan attack

, posted: 1-Nov-2006 16:05

My MSN account had a peculiar looking message in it recently:


I don't have a photo on Flickr so I assumed this was some sort of "click me and get h4x3d" type of email - and indeed it was.

The link went (still goes as of writing this) to a compromised server in Norway that's hosting a copy of a Flickr page belonging to a real user on that site. When you land on the compromised site, IE7 asks if you want to allow it to run "outlook.exe". I didn't allow it to this though. :)

I'm not sure what exactly would've happened if I had allowed the site to run outlook.exe - next time I checked, the account on a server in Russia that the attacker used had been suspended, so nothing happened. Perhaps the attacker tried to plant stuff on your machine from the server in Russia, or was simply firing up Outlook to do a quick spam run. There's nothing now in the HTML on the site that shows what the intention was, although the spammer left some code pointing to a stats counter...

Either way, this could be the beginning of "social phishing", I think.

Other related posts:
Email servers strain under doubled spam load

comments powered by Disqus


Google News search
IT News
PC World New Zealand
Computerworld NZ
PC World and Computerworld Australia
PC World US
Computerworld US
NZ Herald
Virus Bulletin

Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.
Comments policy All comments posted on this blog are the copyright and responsibility of the submitters in question. Comments commercial and promotional in nature are not allowed. Please ensure that your comments are on topic and refrain from making personal remarks.