In association with heise online

17 May 2007, 10:17

Phishing malware infection via spoof Dell online store email

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The email masquerades as an order acknowledgement from the Dell online store for an expensive digital camera. Supposedly to verify the details, the user is invited to click on a link to a web site containing encoded javascript. According to Websense, this site attempts to infect the victim's computer with phishing malware via multiple pop-up windows. The source is an Australian IP address that has recently been recognised as the source of at least one similar attack.

Although the text of the email shows that this attack is clearly aimed at an Australian market, it has already spread wider. Heise know of at least one instance of its appearance in the UK.

The AusCert points out that as the javascript used in this attack is encoded, IDS systems may not be able to recognise and block it. However, users can be protected by blocking the IP address at the gateway. Blocking pop-ups in the untrusted zone in the web browser is also an option, and of course a policy of not clicking on links in unsolicited emails is a fundamental protection.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit