Date: Wed, 12 Sep 2007 14:56:42 +0000 From: bob.middaugh@comcast.net (Bob Middaugh) To: Greetings.com <Greeting@Greetings.com>, questions@freebsd.org Subject: Re: Hey, you have a new Greeting !!! (exploit for Win32) Message-ID: <091220071456.14659.46E7FE2A0002394800003943220642461308099A0E0B0B0703D20D010D@comcast.net>
next in thread | raw e-mail | index | archive | help
Just an FYI If you're on a win32 machine, and read your mail in HTML, don't open this as it will execute a .pif file ( win32 PE, portable executable) that wants to put sup.bat in your /system32 to do something undesirable...haven't figured that out yet. If you read in plain text, you'll see this link: http://members.lycos.co.uk/patacftp/postcard.pif Don't click on that either. We're blocking .pif at the SMTP gateway. This is what symantec says when I scan it: Scan type: Manual Scan Event: Threat Found! Threat: IRC Trojan -------------- Original message ---------------------- From: Greetings.com <Greeting@Greetings.com> > > Hello friend ! > You have just received a postcard Greeting from someone who cares > about you... > > Just click [1]here to receive your Animated Greeting ! > > Thank you for using www.Greetings.com services !!! > Please take this opportunity to let your friends hear about us by > sending them a postcard from our collection ! > > > References > > 1. http://members.lycos.co.uk/patacftp/postcard.pif > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?091220071456.14659.46E7FE2A0002394800003943220642461308099A0E0B0B0703D20D010D>