[klmtfs@pridemail.com: Your Online Greeting Awaits You!]
From: diphen@agitation.net
Date: 08/12/01
- Previous message: David LeBlanc: "Variant that hits more than c: and d:???"
- Next in thread: Mark Collins: "Re: [klmtfs@pridemail.com: Your Online Greeting Awaits You!]"
- Reply: Mark Collins: "Re: [klmtfs@pridemail.com: Your Online Greeting Awaits You!]"
- Reply: freehold@erols.com: "Re: [klmtfs@pridemail.com: Your Online Greeting Awaits You!]"
- Reply: Brett Glass: "Re: [klmtfs@pridemail.com: Your Online Greeting Awaits You!]"
From: diphen@agitation.net
Date: Sun, 12 Aug 2001 02:05:08 -0700
To: incidents@securityfocus.com
Subject: [klmtfs@pridemail.com: Your Online Greeting Awaits You!]
Message-ID: <20010812020508.A99575@zeus.agitation.net>

Has anyone run across this before? It showed up in one of my other email
accounts this evening. When you go to the site it displays a message
about 'Image Browser Not Supported'. What this links to is a file called
american.exe. It appears to be a Win32 binary containing some sort of
file archive. Unfortunately I don't have good facilities (or expertise,
really) for figuring out what this thing does. If anyone with more
Windows expertise wants to take a look, you can grab the file from the
site, or I can forward a copy. I'm guessing it's some sort of trojan.
(The reason this makes me suspicious is that the rest of the site appears
to be entirely bogus. The first supplied URL is www.greetingcardsusa.cc,
but all the links from the page go to americangreetingz.net, which
doesn't resolve. Also, the american.exe link is just an IP. It
reverse-resolves to paypalgreen.com, which also looks rather weird.)
reverse-resolves to paypalgreen.com, which also looks rather weird.)
Thanks.
-gabe
----- Forwarded message from klmtfs@pridemail.com -----
Delivered-To: diphen@agitation.net
Resent-Message-Id: <200108120841.f7C8fB116856@sonic.net>
X-envelope-info: <KLMTFS1@lycos.com>
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
From: klmtfs@pridemail.com
To: chagrus@techpointer.com
Date: Sun, 12 Aug 2001 04:26:42 -0800
Subject: Your Online Greeting Awaits You!
X-OriginalArrivalTime: 12 Aug 2001 08:14:07.0296 (UTC) FILETIME=[C1E65C00:01C12306]
Hello! We're writing to let you know that someone has sent you a greeting.
To pick up your greeting, simply click on this link:
http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y
If your e-mail program doesn't recognize the above address as a link, just
copy and paste the address into your web browser's "address" window.
We hope you enjoy your greeting. If you have any questions feel free to email
us at the address below.
Thanks!
James Cordman
james@GreetingCardsUSA.cc
GreetingCardsUSA.cc
Know one knows Greetings Like American Greetingz!
----- End forwarded message -----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
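
The indicators described in the post above (links leaving the lure's domain, a host that does not resolve, a download served from a bare IP whose reverse name belongs to an unrelated domain, an executable payload) can be checked mechanically. The following Python sketch is an added example, not part of the original message; the function names, link paths and the 192.0.2.10 address are assumptions, and DNS results are passed in as data so it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat")

def base_domain(host):
    """Naive last-two-labels domain; good enough for the hosts in this sample."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(lure_url, page_links, resolves, ptr):
    """Return (url, reason) findings for the links found on the landing page.

    resolves: host -> bool and ptr: ip -> reverse name, both gathered
    beforehand so that this function does no network I/O.
    """
    lure_domain = base_domain(urlsplit(lure_url).hostname)
    findings = []
    for url in page_links:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if is_ip_literal(host):
            findings.append((url, "bare-ip-host"))
            if host in ptr and base_domain(ptr[host]) != lure_domain:
                findings.append((url, "ptr-unrelated-domain"))
        elif base_domain(host) != lure_domain:
            findings.append((url, "off-domain-link"))
        if resolves.get(host) is False:
            findings.append((url, "host-does-not-resolve"))
        if parts.path.lower().endswith(EXECUTABLE_EXT):
            findings.append((url, "executable-download"))
    return findings

# Lure URL is from the forwarded message; link paths and the IP are constructed
# (192.0.2.10 is a documentation address, the post does not give the real one).
LURE = "http://www.GreetingCardsUSA.cc?aspickup.pd?i=710242162&m=1732&rr=y"
LINKS = ["http://www.americangreetingz.net/cards/", "http://192.0.2.10/american.exe"]
RESOLVES = {"www.americangreetingz.net": False}
PTR = {"192.0.2.10": "paypalgreen.com"}

if __name__ == "__main__":
    for url, reason in triage(LURE, LINKS, RESOLVES, PTR):
        print(f"{reason:24} {url}")
```

The two-label `base_domain` helper is a simplification; a production check would use the Public Suffix List to find the registrable domain.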