posted on November 9, 2004 01:39:41 PM new
I just received a warning from a friend who works at a major company in Florida regarding a virus that is spreading right now and is claiming to be from PayPal. Just thought I'd forward this along. It's trying to infiltrate their system, who knows if it will attack us little guys, but who knows. Be careful, this one is not a hoax.
Please be aware that a new worm is spreading on the internet and attempting
to make its way into the company network. The worm attempts to infect you
by sending you an e-mail from a false address. The e-mail claims to be
from PayPal, the popular on-line payment system. The message of the e-mail
appears as though you were just billed a large sum of money and gives a
link to click on for more information. The link is infected with viral
code that can infect ANY Microsoft Internet Explorer browser at this time.
This vulnerability was released four days ago and there is currently no
patch to protect your computer. We are blocking that site from the system
and are awaiting a patch for IE. Please be aware of this as you access
the internet over the next few days from home or from off-site. The e-mail
may say it is from an apparent PayPal account such as
"[email protected]". This is not accurate and is a "spoof". A
copy of the fake email is as follows:
---------------------------------------------------------------------------------------------------------
Congratulations! PayPal has successfully charged $175 to your credit card.
Your order tracking number is A866DEC0, and your item will be shipped
within three business days.
To see details please click this link.
DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This email is being sent by an
automated message system and the reply will not be received.
Thank you for using PayPal.
---------------------------------------------------------------------------------------------------------
If you receive this e-mail, please delete it. Do not click on the link.
There is no need to alert IT at this time since we are already seeing many
of them come in.
posted on November 9, 2004 03:55:02 PM new
cta ... there's a big story about this, too, on AOL top news stories:
New Internet Worm Breaks Discovery Speed Record
AMSTERDAM (Nov. 9) - A new computer worm emerged on Tuesday which broke the speed record from the announcement of a security vulnerability in Microsoft's Internet Explorer to a full-blown virus that spreads in the wild.
The vulnerability was discovered and made public by two hackers with aliases ''ned'' and ''SkyLined'' on Friday, and only four days later a worm exploiting the weakness was developed and set loose, several virus-trackers reported.
Microsoft said the worm is a variant of MyDoom and that it was investigating the threat the worm poses.
Some anti-virus companies said the new worm was different from MyDoom because it spreads via weblinks and not e-mail attachments.
''People will receive an e-mail saying that their PayPal account has been credited or that they are invited to watch a webcam. When they click on the link, just by viewing a site it executes code and infects the computer,'' said technical consultant Graham Cluley at Sophos Anti-Virus.
Microsoft was expected to issue its monthly batch of security patches later on Tuesday, but the company could not immediately say if a patch for the new worm would be part of it.
However, the software giant said that consumers who had installed Service Pack 2 for Windows XP were at a reduced risk.
The weakness in Internet Explorer is known as the IFRAME buffer overflow vulnerability.
posted on November 9, 2004 04:11:43 PM new
>>>Some anti-virus companies said the new worm was different from MyDoom because it spreads via weblinks and not e-mail attachments.
''People will receive an e-mail saying that their PayPal account has been credited or that they are invited to watch a webcam. When they click on the link, just by viewing a site it executes code and infects the computer<<<
Geez, I'm glad I don't have a teenager in the house. I'm sure this virus is going to be downloaded accidentally by lots of kids and spouses who just don't understand how you can get bit by surfing websites.
posted on November 9, 2004 04:13:20 PM new
Ugh! Sneaky little bugger:
Body: One of the following

Hi! I am looking for new friends.
My name is Jane, I am from Miami, FL.
See my homepage with my weblog and last webcam photos!
See you!

Hi! I am looking for new friends. I am from Miami, FL. You can
see my homepage with my last webcam photos!

Congratulations! PayPal has successfully charged $175 to your credit
card. Your order tracking number is A866DEC0, and your item will be
shipped within three business days.
To see details please click this link
DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This email is being sent by
an automated message system and the reply will not be received.
Thank you for using PayPal.

The email contains a hyperlink that, when clicked on, exploits the Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability (as described in Bugtraq ID 11515):