[sanesecurity] Re: Phising on Microsoft update for Outlook / Outlook Express

• From: Tom Shaw <tshaw@xxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Wed, 21 Oct 2009 11:27:40 -0400

At 4:09 PM +0200 10/21/09, Rasmus Haslund wrote:

Hi,

From Microsoft Update Center / <mailto:noreply@xxxxxxxxxxxxx>noreply@xxxxxxxxxxxxx

It is linking to <http://update.microsoft.com.looolokr.co.uk/microsoftofficeupdate/KB910737/default.aspx/?ln=en-us&email=someone@xxxxxxxxxxxx&id=361689542175723843575110591518774>http://update.microsoft.com.looolokr dot co.uk/microsoftofficeupdate slash KB910737/default.aspx/?ln=en-us&email=someone@xxxxxxxxxxxx&id=361689542175723843575110591518774

Unfortunately I dont have the ability to provide a sample currently.

Thanks, Rasmus

Am pushing out new sigs now. I also snagged a copy of the payload from another source. Only 6 at virus total detecting.

Tom

• References:
  • [sanesecurity] Phising on Microsoft update for Outlook / Outlook Express
    • From: Rasmus Haslund

Other related posts:

• » [sanesecurity] Phising on Microsoft update for Outlook / Outlook Express- Rasmus Haslund
• » [sanesecurity] Re: Phising on Microsoft update for Outlook / Outlook Express- Steve Basford
• » [sanesecurity] Re: Phising on Microsoft update for Outlook / Outlook Express - Tom Shaw
• » [sanesecurity] Re: Phising on Microsoft update for Outlook / Outlook Express- Tom Shaw
• » [sanesecurity] Re: Phising on Microsoft update for Outlook / Outlook Express- Steve Basford

1. Home
2. sanesecurity
3. Archive
4. 10-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---