[Mimedefang] Very tricky trojan/phish
David F. Skoll
dfs at roaringpenguin.com
Thu Feb 15 17:08:44 EST 2007
I've received two copies of an e-mail with the subject
"Proforma Invoice from Maurice & Soons LLC". It's HTML
mail and links to a so-called invoice at:
http : //www . cardesign . ru / proforma / invoice.pdf
If you fix up that link and download it, you'll discover it's actually
and HTML file, not a PDF file, and among other things, it contains:
<a href="proforma_invoice.scr">
<img src="http: // images . google . ca / images?q=tbn:Q9PFWmtQEw_91M:http: // www. pompadua. com/invoiceMar-23-2000-YCO16.jpg" border="0" />
proforma_invoice</a>
Nasty! The image is an eye-straining thumbnail of what looks like an
invoice, so your natural instinct is to click on it to see the full-sized
image.
(I have damaged URLs in case they show up on various SURBL-type blocklists.)
Anyone else seeing this one?
Regards,
David.
More information about the MIMEDefang
mailing list