In association with heise online

17 May 2007, 10:17

Phishing malware infection via spoof Dell online store email


The email masquerades as an order acknowledgement from the Dell online store for an expensive digital camera. Supposedly to verify the details, the user is invited to click on a link to a web site containing encoded JavaScript. According to Websense, this site attempts to infect the victim's computer with phishing malware via multiple pop-up windows. The source is an Australian IP address that has recently been recognised as the source of at least one similar attack.

Although the text of the email shows that this attack is clearly aimed at an Australian market, it has already spread wider. Heise know of at least one instance of its appearance in the UK.

AusCERT points out that, as the JavaScript used in this attack is encoded, intrusion detection systems (IDS) may not be able to recognise and block it. However, users can be protected by blocking the IP address 147.202.42.249 at the gateway. Blocking pop-ups in the untrusted zone in the web browser is also an option, and of course a policy of not clicking on links in unsolicited emails is a fundamental protection.
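A gateway block only stops future requests, so it is worth checking which clients reached the address before the block went in. The following is an added example, not part of the original article: it assumes the gateway is a Squid proxy writing its native access.log format, and the sample log lines, client addresses and paths are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

BLOCKED_IP = "147.202.42.249"  # address the article says to block

# Constructed sample lines in Squid's native access.log layout (not real traffic;
# the paths and client addresses are invented for the example).
SAMPLE_LOG = """\
1179390000.101 250 10.0.0.15 TCP_MISS/200 4312 GET http://147.202.42.249/confirm.html - DIRECT/147.202.42.249 text/html
1179390004.377 90 10.0.0.15 TCP_MISS/200 812 GET http://147.202.42.249/popup1.html - DIRECT/147.202.42.249 text/html
1179390100.000 30 10.0.0.22 TCP_MISS/200 9001 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1179393600.500 2 10.0.0.31 TCP_DENIED/403 1420 GET http://147.202.42.249/confirm.html - NONE/- text/html
this line is truncated
"""

def hunt(log_text, ip=BLOCKED_IP):
    """Return {client: {"allowed": n, "denied": n, "first": dt, "last": dt}}."""
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 9:
            continue  # malformed or truncated line
        ts, client, action, method, url, peer = f[0], f[2], f[3], f[5], f[6], f[8]
        try:
            when = datetime.fromtimestamp(float(ts), tz=timezone.utc)
            # CONNECT requests log "host:port" instead of a URL.
            host = url.split(":")[0] if method == "CONNECT" else urlsplit(url).hostname
        except ValueError:
            continue
        # Exact match on the URL host or on the peer Squid connected to, so a
        # hostname that resolves to the address is caught and substrings are not.
        if host != ip and peer.split("/")[-1] != ip:
            continue
        rec = hits[client]
        rec["denied" if action.startswith("TCP_DENIED") else "allowed"] += 1
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
    return dict(hits)

def needs_triage(hits):
    """Clients with at least one request that the proxy let through."""
    return sorted(c for c, r in hits.items() if r["allowed"] > 0)

if __name__ == "__main__":
    found = hunt(SAMPLE_LOG)
    for client, r in sorted(found.items()):
        print(client, r["allowed"], r["denied"], r["first"].isoformat(), r["last"].isoformat())
    print("triage:", needs_triage(found))
```

Clients returned by `needs_triage` fetched content from the address and should be examined for infection; clients that appear only with denied requests show the block doing its job.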


(mba)
