[Full-disclosure] Orkut exploit



Don't know if you guys have seen this. Just got it in my Gmail
account; it tries to execute the file scrapbook.exe from:

http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe

Kaspersky says it is Trojan-Spy.Win32.Banker.anv

Attached is the original email.

ciao ciao

ademar
X-Gmail-Received: c80ebeab16f2929bed85c587f2faf8e4b61a638e
Delivered-To: ademar.gonzalez@xxxxxxxxx
Received: by 10.48.218.3 with SMTP id q3cs438948nfg;
Wed, 28 Jun 2006 07:42:07 -0700 (PDT)
Received: by 10.54.122.2 with SMTP id u2mr905635wrc;
Wed, 28 Jun 2006 07:42:07 -0700 (PDT)
Return-Path: <nobody@xxxxxxxxxxx>
Received: from michelangel.idsn.gov.co ([200.21.86.226])
by mx.gmail.com with ESMTP id 29si3223488wrl.2006.06.28.07.42.04;
Wed, 28 Jun 2006 07:42:07 -0700 (PDT)
Received-SPF: neutral (gmail.com: 200.21.86.226 is neither permitted nor denied by best guess record for domain of nobody@xxxxxxxxxxx)
Received: by michelangel.idsn.gov.co (Postfix, from userid 99)
id EBAC317DC4; Wed, 28 Jun 2006 09:31:23 -0500 (COT)
To: ademar.gonzalez@xxxxxxxxx
Subject: Karina Lima deixou um recado para voce!
X-Message-Status: s1:0
X-SID-PRA: Karina Lima <no-reply@xxxxxxxxx>
X-SID-Result: TempError
Errors-To: no-reply@xxxxxxxxx
From: Karina Lima <no-reply@xxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-encoding: 8bit
Reply-To: Karina Lima <no-reply@xxxxxxxxx>
Message-ID: <813b8c66f3c6555d06885de863df4b00@>
Conversion-With-Loss: Yes
Sensitivity: 3
Expiry-Date: Never
X-Priority: 3
X-MSmail-Priority: High
X-Originating-Email: [Karina Lima]
X-Originating-IP: [200.201.120.121]
X-iGspam-global: Unsure, spamicity=0.748491 - pe=7.48e-01 - pf=0.748491 - pg=0.748491
X-oemPro-CSID: MjgxXzI3NA==
X-oemPro-MsgId: YWRlbWFyLmdvbnphbGV6QGdtYWlsLmNvbQ0=
Date: Wed, 28 Jun 2006 09:31:23 -0500 (COT)

<table cellSpacing="8" cellPadding="0" width="100%" align="center" border="0" nowrap>
<tbody>
<tr>
<td>
<div>
<div style="BACKGROUND-COLOR: #d4dded">
<p> </p>
<p> </p>
<table id="AutoNumber1" style="BORDER-COLLAPSE: collapse" borderColor="#0000ff" cellSpacing="0" cellPadding="0" width="92%" bgColor="#ffffff" border="0">
<tbody>
<tr>
<td width="64%">
<p align="left"><span id="ws"> </span></p>
<p align="left">Olá,<br>
<br>
Karina Lima deixou um recado para você.<br>
<br>
Para ver o perfil de Karina, clique em:<br>
<a href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe">http://www.orkut.com/Profile.aspx?uid=15566759696860888154</a><br>
<br>
Para ler o novo recado, visite o orkut.<br>
<br>
<a href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe">http://www.orkut.com/Scrapbook.aspx</a><br>
<br>
<br>
* * *<br>
<br>
Para controlar os emails de notificação, acesse suas
Configurações de conta:<br>
<br>
<a href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe">http://www.orkut.com/Settings.aspx</a><br>
<br>
Se você não for usuário do orkut e quiser impedir que usuários
do orkut lhe enviem<br>
e-mails, visite:<br>
<br>
<a href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe">http://www.orkut.com/Block.aspx</a><br>
<span id="ws"><br>
</span></p>
</td>
<td width="36%"><span id="ws1"><a href="javascript:ol('http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe');"><img alt="Orkut" src="https://www.orkut.com/img/i_o.gif" border="0" width="58" height="20"></a></span><br>
<span id="ws0"><a href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe"><img title="quem você conhece?" alt="quem você conhece?" src="https://www.orkut.com/img/pt-BR/wdyk.jpg" border="0" width="240" height="136"></a></span></td>
</tr>
</tbody>
</table>
<p><br>
</p>
<table cellSpacing="0" cellPadding="0" width="100%">
<tbody>
<tr>
<td class="I" style="BACKGROUND-REPEAT: repeat-x" vAlign="top" background="https://www.orkut.com/img/tr1.gif" rowSpan="2">serviço
filiado ao Google</td>
</tr>
</tbody>
</table>
</div>
</div>
</td>
</tr>
</tbody>
</table>
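The deception in the attached message is that every visible link reads as an orkut.com URL while the href actually points at scrapbook.exe (or at a javascript: handler wrapping that URL). As an added defender-side example that is not part of the original post, the following Python parses an HTML mail body and flags anchors whose link text names a different host than the href, whose href is an executable, or whose href uses the javascript: scheme; the sample body is constructed from three of the anchors in the message above, and the `ol('...')` handling assumes the wrapper shape seen there.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# File extensions a mail filter should never let a link deliver directly.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_anchors(html):
    """Return (href, text, reasons) for each anchor a phishing filter should flag."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        reasons, target = [], urlparse(href.strip())
        if target.scheme == "javascript":
            reasons.append("javascript: href")
            quoted = href.split("'")  # recover the URL inside ol('...') so the checks below see it
            if len(quoted) >= 2:
                target = urlparse(quoted[1])
        if target.path.lower().endswith(EXECUTABLE_SUFFIXES):
            reasons.append("href points at an executable")
        shown = urlparse(text) if "://" in text else None  # link text that itself looks like a URL
        if shown and shown.hostname and target.hostname and shown.hostname != target.hostname:
            reasons.append(f"link text says {shown.hostname} but href goes to {target.hostname}")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample built from three anchors in the message above (not the full body).
SAMPLE = """<a href="http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe">http://www.orkut.com/Profile.aspx?uid=15566759696860888154</a>
<a href="javascript:ol('http://www.yourfreespace.net/users/orkut2/scrapbook/scrapbook.exe');"><img alt="Orkut" src="i_o.gif"></a>
<a href="http://www.orkut.com/Settings.aspx">http://www.orkut.com/Settings.aspx</a>"""
```

`suspicious_anchors(SAMPLE)` returns two findings: the Profile link (executable target, and orkut.com shown while yourfreespace.net is the destination) and the image link (javascript: scheme wrapping the same executable); the third anchor, whose text and href agree, is not flagged.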
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/