[jsfg_cinti] E-mail messages used to trick people into visiting malicious web sites

• From: David Barnes <dbarnes@xxxxxxx>
• To: jsfg_cinti@xxxxxxxxxxxxx
• Date: Fri, 31 Mar 2006 12:25:52 -0500

This is serious stuff. If you receive an e-mail that contains a story 
from BBC News, DON'T click on the link.

 From ZDNet...

BBC NEWS STORIES USED AS BAIT FOR INTERNET EXPLORER EXPLOIT

Cybercrooks are spamming e-mail messages to trick people into visiting 
malicious Web sites that exploit a recent Internet Explorer flaw, 
experts warned Thursday.

The Web sites take advantage of the vulnerability in the omnipresent 
Microsoft Web browser to install a keystroke logger on vulnerable 
computers, according to San Diego-based Websense Security Labs.

"This keylogger monitors activity on various financial Web sites and 
uploads captured information back to the attacker," Websense said in an 
alert. The malicious software could capture log-in names and passwords 
for the sites, information criminals could sell or possibly use to 
plunder a victim's account.

The e-mail messages used to lure people to the Web sites contain 
excerpts from BBC news stories and offer a link to "read more," Websense 
said. This link leads to a forged BBC Web page where the malicious 
software is dropped onto a vulnerable PC....

TO READ THE ENTIRE ARTICLE, follow this URL:
http://news.zdnet.com/2100-1009_22-6056217.html?tag=nl.e539

TO WORK AROUND THE PROBLEM until Microsoft releases a fix, follow this URL:
http://blogs.zdnet.com/Ou/?p=133

You can unsubscribe from the list by sending email to 
jsfg_cinti-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field. 

Web archive: http://www.freelists.org/archives/jsfg_cinti 

Questions to:  jsfg@xxxxxxxx

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription