[SGVLUG] Social engineering done right...

Emerson, Tom Tom.Emerson at wbconsultant.com
Thu Mar 16 12:18:15 PST 2006


> -----Original Message-----
> [mailto:sgvlug-bounces at sgvlug.net] On Behalf Of Erik Espinoza

[in response to my comment of a virus deflecting off of postcards.org]

> Seems to me that there are probably three possibilities, in order of
> probability:
> 
> 1) The owner of postcards.org is doing this scam
> 2) The system that hosts postcards.org is compromised and 
> someone thought it'd be a good way to scam people
> 3) An insider @ ServePath configured the domain/system this 
> way with or without permission.

Actaully, a deeper look revealed that this was a "concealed address" --
using "view source" pointed out it was of the simplest variety:

  <a
href="virus.writers.site/badfile.gif.exe">legit.looking.site/?blah-blah-
blah</a>

Where "virus.writers.site" was somewhere in Poland (.pl)

Arrhg -- now I have to administar twenty lashes with a wet noodle to
myself for falling for this one... :(



More information about the SGVLUG mailing list