I just received a notification of an ecard purportedly sent by Blue
Mountain. According to SANS, clicking on the link will take you to a site
that installs a Worm in Windows XP. See:
http://isc.sans.org/diary.php?date=2005-03-31

Here is a copy of the source file and headers that I received.

Return-path:
Envelope-to: [log in to unmask]
Delivery-date: Wed, 06 Apr 2005 01:54:34 -0400
Received: from 12-216-223-85.client.mchsi.com ([12.216.223.85]
    helo=compuserve.com) by sys24.mail.msu.edu with smtp (Exim 4.44 #1) id
    1DJ3Un-00014U-EV for [log in to unmask]; Wed, 06 Apr 2005 01:54:34 -0400
Date: Wed, 06 Apr 2005 05:50:46 +0000
From: [log in to unmask]
Subject: Akersc, You've received a postcard!
To: Akersc
References:
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-Virus: None found by Clam AV
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on sys24.mail.msu.edu
X-Spam-Level: ***
X-Spam-Status: No, score=3.9 required=5.0 tests=FORGED_RCVD_HELO,HTML_20_30,
    HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,
    NO_REAL_NAME,SARE_SUB_COMMA_LEAD,URIBL_SBL,WEIRD_PORT autolearn=disabled
    version=3.0.2

To view your eCard, choose from the options below.
Click on the following link.
<http://66.66.129.65:8180/009/>http://www.bluemountain.com/view.pd?i=194105726&m=2460&rr=y&source=bma948
OR
Enter the following eCard Number, 359756703454, on our Card Pick Up Window at
<http://66.66.129.65:8180/009/>http://www.bluemountain.com/findit.pd?source=bma944
If you have any comments or questions, please visit
<http://66.66.129.65:8180/009/>http://www.bluemountain.com/customer/emailus.pd?source=bma048
Thanks for using BlueMountain.com.
Cheryl
Cheryl Akers, MS, CNA - [log in to unmask]
Microcomputer Support - Microbiology and Molecular Genetics
2228C Biomedical Physical Sciences
Michigan State University
East Lansing, MI 48824
517-355-6463 X1514
"I try to take one day at a time, but sometimes, several days attack me
at once."
Jennifer Unlimited
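
In the message above, each link displays a bluemountain.com address while the real target is a bare IP address on port 8180, the pattern behind the NORMAL_HTTP_TO_IP and WEIRD_PORT tests in the X-Spam-Status header. The following check is an added example, not part of the original post; it flags that pattern in the `<target>displayed` link rendering used above. The function names and the benign example.com line are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Link rendering used in the message above: <actual target>displayed text
LINK_RE = re.compile(r"<(https?://[^>\s]+)>(https?://\S+)")

DEFAULT_PORTS = {"http": 80, "https": 443}


def is_ip_literal(host):
    """True when the host part is a raw IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(body):
    """Return (target, shown, reasons) for every link that looks deceptive."""
    findings = []
    for target, shown in LINK_RE.findall(body):
        t, s = urlsplit(target), urlsplit(shown)
        reasons = []
        # Displayed host differs from the host the click actually goes to.
        if (t.hostname or "").lower() != (s.hostname or "").lower():
            reasons.append("host_mismatch")
        # Real target is an IP address rather than a domain name.
        if is_ip_literal(t.hostname or ""):
            reasons.append("ip_literal_target")
        # Real target uses a port other than the scheme's default.
        if t.port is not None and t.port != DEFAULT_PORTS.get(t.scheme):
            reasons.append("nonstandard_port")
        if reasons:
            findings.append((target, shown, reasons))
    return findings


# Two lines copied from the message above, plus one constructed benign link.
SAMPLE = """\
<http://66.66.129.65:8180/009/>http://www.bluemountain.com/view.pd?i=194105726&m=2460&rr=y&source=bma948
<http://66.66.129.65:8180/009/>http://www.bluemountain.com/findit.pd?source=bma944
<http://www.example.com/card>http://www.example.com/card
"""

if __name__ == "__main__":
    for target, shown, reasons in check_links(SAMPLE):
        print(f"{shown} -> {target}: {', '.join(reasons)}")
```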