[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[OT - AIM] Disguised URL's In AIM's and Counterfeit Pay Pal Emails

Subject: [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay Pal Emails
From: peter at thescirocco.com (Peter)
Date: Wed Jan 18 20:23:18 2006
In-reply-to: <4e2d8ff80601180931o5777fb05lcbc0002251cda081@mail.gmail.com>

 I knew something was fishy...

Thanks for explaining it! 

Peter
http://thescirocco.com/

Please! Include the previous text in your reply...

-----Original Message-----
From: Roger concha [mailto:rogercv1@gmail.com]
Sent: Wednesday, January 18, 2006 12:32 PM
To: Allyn
Cc: peter@thescirocco.com; Scirocco list
Subject: Re: [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay Pal
Emails

well the pif is just a shortcut to the actual executable

On 1/18/06, Allyn <amalventano1@tds.net> wrote:
> That may be the windows metafile exploit, but I hadnt seen one 
> disguised as a .pif, nor did I think it could work if it was opened as
such.
>
> For those who don't know about this:
> http://www.microsoft.com/technet/security/advisory/912840.mspx
> And the patch is available here:
> http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
> HTH
> Al
>
> > -----Original Message-----
> > From: scirocco-l-bounces+amalventano1=tds.net@scirocco.org
> > [mailto:scirocco-l-bounces+amalventano1=tds.net@scirocco.org]
> > On Behalf Of Peter
> > Sent: Wednesday, January 18, 2006 2:57 AM
> > To: 'Scirocco list'
> > Subject: [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay Pal 
> > Emails
> >
> > Check this AIM message out, and it's happened several times before, 
> > from other unknown senders:
> >
> > vwdubnut85:  should i put these pictures of us on myspace or 
> > facebook?
> > http://photobucket.com/NewPictures/pic20.jpg
> >
> > thesciroccocom: Nice try:
> > http://download.pinkiespalace.net/picture01.pif
> >
> > I clicked to show the hyperlink, and this is what the seemingly 
> > harmless photobucket URL actually is:
> > http://download.pinkiespalace.net/picture01.pif
> >
> > This is probably nothing, but when the url is disguised, it makes me 
> > suspicious.
> > In the past .jpg's have turned into .exe's and so on.
> >
> > This is also really common with all the Pay Pal spoofs; 
> > [mailto:spoof@paypal.com]
> >
> >
> > Peter
> > http://thescirocco.com/
> >
> > Please! Include the previous text in your reply...

References:
- [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay Pal Emails
  - From: rogercv1 at gmail.com (Roger concha)

Prev by Date: thoughts on these wheels
Next by Date: Once again, WTB: 16v caliper bracket
Previous by thread: [OT - AIM] Disguised URL's In AIM's and Counterfeit Pay PalEmails
Next by thread: FS Artic White 16v in CT Not Mine
Index(es):
- Date
- Thread