[nsp-sec] ATTN Google - Malware on a Googlegroups (list of some sources)
Scott A. McIntyre
scott at xs4all.net
Tue May 11 03:36:01 EDT 2010
Hi Peter,
> I have seen this for about a week now. At least this version. In the
> month before that I have had approximate the same kinds of messages but
> in those cases the setup.zip was attached to the e-mail. We are blocking
> that since then.
>
Yep - same thing here. Originally it was included in attachments, but
later moved to Google Groups, and I think a few other locations
actually. At the moment the text of the email we see is mostly to do
with SMTP and POP3 settings, but, that also has changed a few times.
The first hits I have that I haven't permanently deleted were 3 May, and
came from "123greetings.com"...
On the 4th that changed to the SMTP and POP3 settings based mails.
On the 6th it changed to "temporanly prevented access to your account"
[SIC].
We also saw links to places like spaceboy.zxq.net as well as google groups.
On the 10th it went back to eCard/greeting card based test, and still at
google groups.
Then "Nude Angelina Jolie" hits on the 10th.
Just feels very familiar, all this.
Cheers,
Scott A. McIntyre
XS4ALL Internet B.V.
More information about the nsp-security
mailing list