
SANS ISC: InfoSec Handlers Diary Blog


E-mails with malicious links targeting Australia

Published: 2006-06-15
Last Updated: 2006-06-15 13:17:35 UTC
by Bojan Zdrnja (Version: 1)

We've received a couple of reports about spammed e-mails that link to browser exploits. What's interesting about this is that they are targeting Australia.

All e-mails we've received have the same content, but the URL seems to be moving around. The body is pasted below:

"People starting panic withdrawals, some of the accounts were reported closed due to technical reasons, many ATMs are not operating. Does it seem that one of the Australia's greatest goes bankrupt? The full story could be found here: <URL>
Well, hope that isn't true... Anyway You'd rather check your balance..."
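
Because the text stays the same while the link rotates, a mail filter can key on the body with the URL masked out and collect every link seen with it. The following is an added example, not part of the original diary; the function names are hypothetical and the sample hosts are constructed under the reserved `.example` TLD.

```python
import hashlib
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Lure text as quoted in the diary; {url} marks the rotating link.
LURE = (
    "People starting panic withdrawals, some of the accounts were reported "
    "closed due to technical reasons, many ATMs are not operating. Does it "
    "seem that one of the Australia's greatest goes bankrupt? The full story "
    "could be found here: {url}\n"
    "Well, hope that isn't true... Anyway You'd rather check your balance..."
)

# Constructed sample mail bodies; hosts use the reserved .example TLD.
SAMPLE_MESSAGES = [
    LURE.format(url="http://host-a.example/story"),
    LURE.format(url="http://host-b.example/cgi/news").replace("\n", " \r\n"),
    LURE.format(url="http://host-a.example/story"),
    "Quarterly report is ready, see http://intranet.example/q2 for details.",
]


def extract_urls(body):
    """Return the URLs in a body with trailing punctuation stripped."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(body)]


def template_fingerprint(body):
    """Hash the body with URLs masked and case/whitespace normalised."""
    masked = URL_RE.sub("<URL>", body)
    return hashlib.sha256(" ".join(masked.lower().split()).encode()).hexdigest()


def rotating_campaigns(messages, min_urls=2):
    """Return {fingerprint: urls} for texts seen with >= min_urls links."""
    clusters = defaultdict(set)
    for body in messages:
        clusters[template_fingerprint(body)].update(extract_urls(body))
    return {fp: urls for fp, urls in clusters.items() if len(urls) >= min_urls}


if __name__ == "__main__":
    for fp, urls in rotating_campaigns(SAMPLE_MESSAGES).items():
        print(fp[:12], sorted(urls))
```

The URL set returned for a matching template can feed a proxy or DNS blocklist, so newly rotated links are caught as soon as one copy of the mail is seen.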

The page behind the URL contains obfuscated JavaScript. The JavaScript code checks which browser the user is running and redirects the user to the appropriate exploit, served by a CGI script.
The JavaScript also detects whether the user is running Service Pack 2 and appends that information as a CGI parameter.

The following Internet Explorer vulnerabilities are exploited:


And one Mozilla Firefox vulnerability is exploited as well:


For Firefox users, there is a good add-on for blocking malicious JavaScript. The add-on is called "NoScript". You can find more information at the following site:
