[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[OT - AIM] Disguised URL's In AIM's and Counterfeit Pay PalEmails

Subject: [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay PalEmails
From: rogercv1 at gmail.com (Roger concha)
Date: Wed Jan 18 13:12:35 2006
In-reply-to: <20060118174635.KHGP17035.tomts5-srv.bellnexxia.net@lapin>
References: <4e2d8ff80601180931o5777fb05lcbc0002251cda081@mail.gmail.com> <20060118174635.KHGP17035.tomts5-srv.bellnexxia.net@lapin>

funny that we are talking about this today, and we had a whole bunch
of users get hit today at work.

On 1/18/06, Mtl-Marc <marc_scirocco@sympatico.ca> wrote:
> IIRC, pif ==> Program Information File.
>
> The info it needs to execute the exe
>
> Cheers
>
> Marc
>
> >
> > well the pif is just a shortcut to the actual executable
> >
> > On 1/18/06, Allyn <amalventano1@tds.net> wrote:
> > > That may be the windows metafile exploit, but I hadnt seen one disguised
> > as a
> > > .pif, nor did I think it could work if it was opened as such.
> > >
> > > For those who don't know about this:
> > > http://www.microsoft.com/technet/security/advisory/912840.mspx
> > > And the patch is available here:
> > > http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
> > > HTH
> > > Al
> > >
> > > > -----Original Message-----
> > > > From: scirocco-l-bounces+amalventano1=tds.net@scirocco.org
> > > > [mailto:scirocco-l-bounces+amalventano1=tds.net@scirocco.org]
> > > > On Behalf Of Peter
> > > > Sent: Wednesday, January 18, 2006 2:57 AM
> > > > To: 'Scirocco list'
> > > > Subject: [OT - AIM] Disguised URL's In AIM's and Counterfeit
> > > > Pay Pal Emails
> > > >
> > > > Check this AIM message out, and it's happened several times
> > > > before, from other unknown senders:
> > > >
> > > > vwdubnut85:  should i put these pictures of us on myspace or
> > > > facebook?
> > > > http://photobucket.com/NewPictures/pic20.jpg
> > > >
> > > > thesciroccocom: Nice try:
> > > > http://download.pinkiespalace.net/picture01.pif
> > > >
> > > > I clicked to show the hyperlink, and this is what the
> > > > seemingly harmless photobucket URL actually is:
> > > > http://download.pinkiespalace.net/picture01.pif
> > > >
> > > > This is probably nothing, but when the url is disguised, it
> > > > makes me suspicious.
> > > > In the past .jpg's have turned into .exe's and so on.
> > > >
> > > > This is also really common with all the Pay Pal spoofs;
> > > > [mailto:spoof@paypal.com]
> > > >
> > > >
> > > > Peter
> > > > http://thescirocco.com/
> > > >
> > > > Please! Include the previous text in your reply...
> > > >
> > > >
>
>

Follow-Ups:
- [OT - AIM] Disguised URL's In AIM's and Counterfeit PayPalEmails
  - From: patrick.bureau at gmail.com (Patrick Bureau)
- [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay PalEmails
  - From: bayareaberk at yahoo.com (T Berk)

References:
- [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay Pal Emails
  - From: rogercv1 at gmail.com (Roger concha)
- [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay PalEmails
  - From: marc_scirocco at sympatico.ca (Mtl-Marc)

Prev by Date: kamei grill spoiler instructions
Next by Date: [OT - AIM] Disguised URL's In AIM's and Counterfeit PayPalEmails
Previous by thread: [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay PalEmails
Next by thread: [OT - AIM] Disguised URL's In AIM's and Counterfeit PayPalEmails
Index(es):
- Date
- Thread