« previous next »
Pages: 1   Go Down

Author Topic: BEWARE! Message from Applestore is not what it seems!  (Read 3895 times)

0 Members and 1 Guest are viewing this topic.

Offline Anne

  • Administrator
  • Registered
  • *
  • Posts: 163
  • Gender: Female
    • Yobunny
BEWARE! Message from Applestore is not what it seems!
« on: January 17, 2006, 06:05:55 PM »
This is a message I received today (with some details removed) which appears to come from applestore.co.uk but doesn't! The clickable link takes you to a newly registered (i.e. today - 17 Jan 2006) domain (ipod-deutsch.com) which attempts to display a .wmf (Windows metafile) image. The metafile will use the current wmf exploit detailed here: http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

If you get one of these e-mails DO NOT visit the URL shown. Windows will automatically open the wmf file and you will be compromised if your system has not been patched (even if patched please don't risk visiting out of curiosity!).

Any application that automatically displays a WMF image will cause the user?s machines to get infected. This includes older versions of Firefox, current versions of Opera, Outlook and all current version of Internet Explorer on all versions of Windows.  Also note, Linux and BSD users running WINE, CEDEGA or CrossOver Office are also vulnerable to this one!

Quote
Return-Path: <order_199882@applestore.co.uk>
X-Flags: 0000
Delivered-To: GMX delivery to {address removed}
Received: (qmail invoked by alias); 17 Jan 2006 05:05:52 -0000
Received: from unknown (HELO camw) [203.177.206.249]
  by mx0.gmx.net (mx059) with SMTP; 17 Jan 2006 06:05:52 +0100
Received: from qegqjosrdb by camw with local (Exim 4.60 (FreeBSD))
   id 1EyyDE-000CHL-MV
   for {address removed}; Tue, 17 Jan 2006 13:17:56 -0800
To: {address removed}
Subject: Your order # 199882 has been accepted for the amount 779.00$
From: "Apple Online Store" <order_199882@applestore.co.uk>
Content-Type: text/html;charset=us-ascii
Content-Transfer-Encoding: 8BIT
Message-Id: <1EyyDE-000CHL-MV@camw>
Sender: User qegqjosrdb <qegqjosrdb@camw>
Date: Tue, 17 Jan 2006 13:17:56 -0800
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: -2 (not scanned, spam filter disabled)
X-GMX-UID: Zh6+Y/ZdeSEkSbvS23QhaXN1IGRvb0Cw

<html>
<body>
Thank you for shopping with us.<br>
<br><b>
Your order # 199882 Sony RX-F18 8.0 MP Digital Camera has been accepted for the amount 779.00$</b><br>
<br>
Your card will be charged in that amount.<br>
<br>
Thank you for your purchase.<br>
<br>
You can check the order in your profile.<br>
<br>
<a href={URL removed to prevent exploitation}>Click here to see your order</a><br>
<br>
Thank you.<br>
Apple Online Store.<br>
</body>
</html>

Logged
Cheers, 
Anne, Board Admin
Pages: 1   Go Up
« previous next »
 

SMF spam blocked by CleanTalk