There seems to be a new virus+spam combi worm attack going on at the moment.
It sends out mails to users in ones email address book (that it somehow stole).
The content of the mail always looks like this (very spam-like):
Code: Select all
Hello!
You have a new message, please read <http://somehackedserver.com/stress.php?80sc5>
<Sender Name>
These files either contain malicious code that try to do something to the browser-client (if it can), and/or contains backdoors for running arbitrary code on the infected host.
According to other postings found on the web, the PHP file it points to in the URL disguises itself under different names.
Here's a list of names I collected so far:
- stress.php
- neighboring.php
- struck.php
- skirt.php
- management.php
- separate.php
- mainstream.php
- summary.php
- sacred.php
- ...
Collecting other's findings:
https://answers.launchpad.net/launchpad ... ion/292170
http://discard.email/en/pillory/fw-new- ... 787dc5.htm
http://readlist.com/lists/lists.digium. ... 56371.html
http://www.ietf.org/mail-archive/web/v6 ... 24655.html
http://digest.sialia.com/?rm=message;id=1174544