[nsp-sec] ATTN Google - Malware on a Googlegroups workspace->setting for your mailbox copyright-abuse at columbia.edu are changed (fwd)

Rodolfo Baader rbaader at arcert.gov.ar
Tue May 11 11:53:08 EDT 2010


Hi!

Here's what we've seen:

=========
New Ones
=========

==========================
Already informed at nspsec
==========================

===========
OLD Ones...
===========


Regards,
R.

Krista Hickey wrote:
> ----------- nsp-security Confidential --------
> 
> Here's my overnight list to our corporate mail server,
> 
> 
> I haven't had a chance to inspect it myself but our corporate IT security guy says,
> 
> "This is not caught by our HTTP filter but our corporate AV picks it up (Downloader.MisleadApp). I had to scan it manually though as it is only caught on execution, not on write"
> 
> We thankfully use a different anti-spam/virus solution for our customers (Ironport) and the content filter (CASE) is properly dropping the plethora of messages.
> 
> Krista
> 7992
> 
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of SURFcert - Peter
> Sent: May-11-10 3:46 AM
> To: Peter Moody
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] ATTN Google - Malware on a Googlegroups workspace->setting for your mailbox copyright-abuse at columbia.edu are changed (fwd)
> 
> ----------- nsp-security Confidential --------
> 
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
> 


