Computer Crime Research Center


Sober storms over IM, Yahoo Messenger

Date: December 05, 2005
Source: axcessnews.com


Antivirus provider Sophos said the Sober-Z worm is still quite prevalent on the Internet, estimating that 1 in 13 emails contains some variant of the Sober-Z worm.

The Sober-Z worm sends itself as an email attachment and attempts to turn off security software on the user's computer.

The worm lures innocent computer users into opening its infected attachments using a variety of tricks that include posing as an FBI or CIA agent with attached questions to be answered, and a phoney offer of Paris Hilton and Nicole Richie video clips from 'The Simple Life'. Instead, in the case of every Sober-Z attachment, the zip file contains a copy of the worm with the filename File-packed_dataInfo.exe. The worm then scans the user's hard drive for other email addresses, in its search for other computers to infect.

TrendMicro warns over phishing scam that targets Yahoo! Photos.

In the past week, much attention has been given to the Yahoo phishing scam that is advertised through instant messenger via Yahoo Messenger. The aim of the phisher is to entice a user to click on the given link and provide personal details by logging in through the spoofed Web site that it opens.

The IM arrives with the following text:

http://www.geocities.com/oxox0o_angel_oxox0o/ ^:)^ guess where this pic was taken and guess who is behind me in the picture

or

http://www.geocities.com/oxox0o_cary_oxox0o/ ^:)^ guess where this pic was taken and guess who is behind me in the picture

The spoofed Web site bears a close resemblance to the legitimate Yahoo! Photos online login page, and the phishers made no attempt to disguise the phishing URL in the address bar. The page is hosted by Geocities, so it is possible for users to determine that the Web site is not legitimate. The phishing Web site asks the user for a user name and password.

Upon clicking on the Sign In button, the gathered information is then sent to the email address oxox0o_angel_oxox0o@yahoo.com, which can be found in the page source of the phishing Web site, http://www.geocities.com/oxox0o_angel_oxox0o/.
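As an added example (not from the original article), a minimal triage check for the indicators described above: a Yahoo-branded login form served from a non-Yahoo host, plus any e-mail address embedded in the page source. The sample page, the form-mailer URL, the hidden `recipient` field and the `LEGIT_SUFFIXES` list are constructed assumptions; the article does not say how the address was embedded.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts treated as legitimate for the brand (assumption for this example).
LEGIT_SUFFIXES = ("yahoo.com",)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class LoginFormScan(HTMLParser):
    """Collects password fields and e-mail addresses from tag attributes."""
    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.emails = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password_field = True
        # Collection addresses may sit in form actions or hidden input values.
        for value in attrs.values():
            if value:
                self.emails.update(EMAIL_RE.findall(value))

def host_is_legit(url):
    """True only for the brand's own domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def triage(url, html):
    """Flag a brand-named password form served from a host outside the brand."""
    scan = LoginFormScan()
    scan.feed(html)
    mentions_brand = "yahoo" in html.lower()
    suspicious = (scan.has_password_field and mentions_brand
                  and not host_is_legit(url))
    return {"suspicious": suspicious, "drop_addresses": sorted(scan.emails)}

# Constructed sample page, not the real phishing page's source.
SAMPLE_URL = "http://www.geocities.com/example_profile/"
SAMPLE_HTML = """
<html><head><title>Yahoo! Photos - Sign In</title></head><body>
<form method="post" action="http://formmailer.example/send">
  <input type="hidden" name="recipient" value="collector@example.com">
  <input type="text" name="login"><input type="password" name="passwd">
  <input type="submit" value="Sign In">
</form></body></html>
"""

if __name__ == "__main__":
    print(triage(SAMPLE_URL, SAMPLE_HTML))
```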