Mark/Brent,

I received a SPAM message that does exactly as you described. Here is the message text

----------------------------------------------------------------------------
You have a secret admirer
Find out who below
http://www.geocities.com/merlin54906/webcam.html

If you want further information from me directly, we can have a private meeting
http://www.geocities.com/shashi43849/
----------------------------------------------------------------------------

I also found an .exe file on my desktop.

--
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc

> Mark,
> The code you just sent looks familiar to a SPAM I received
> attempting to hijack users' e-gold accounts. Out of curiosity I
> followed that link which loaded start.html (attached). What worries me
> is that I'm running IE 6.0.2800.1106 with all the latest patches from
> Microsoft and this page (start.html) rewrote wmplayer.exe on my local
> drive without notice. After closing the page, I found two .exe files
> on my desktop (which loaded from
> http://doz.linux162.onway.net/eg/1.exe). Is this a new unknown
> vulnerability?
>
> Brent Meshier
> Global Transport Logistics, Inc.
> http://www.gtlogistics.com/
> "Innovative Fulfillment Solutions"
>
> -----Original Message-----
> From: Mark Coleman [mailto:markc@uniontown.com]
> Sent: Tuesday, September 23, 2003 11:43 AM
> To: bugtraq@securityfocus.org
> Subject: [Fwd: Re: AIM Password theft]
>
> Hi, can anyone shed some light on this for me? If this is new, it's
> going to spread like wildfire. AOL or incidents lists have yet to
> reply.... it appears to be a legitimate threat as I have at least one
> user "infected" already.. Thank you..
>
> -Mark Coleman