Return-Path: <sentto-279987-3269-1003789332-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 22 Oct 2001 15:23:11 -0700 (PDT) Received: (qmail 15710 invoked by uid 510); 22 Oct 2001 22:21:42 -0000 Received: from n7.groups.yahoo.com (216.115.96.57) by 204.181.12.215 with SMTP; 22 Oct 2001 22:21:42 -0000 X-eGroups-Return: sentto-279987-3269-1003789332-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by n7.groups.yahoo.com with NNFMP; 22 Oct 2001 22:22:12 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 22 Oct 2001 22:22:12 -0000 Received: (qmail 8403 invoked from network); 22 Oct 2001 22:22:11 -0000 Received: from unknown (10.1.10.26) by m8.onelist.org with QMQP; 22 Oct 2001 22:22:11 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1 with SMTP; 22 Oct 2001 22:22:11 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9MMMTW10681 for iwar@onelist.com; Mon, 22 Oct 2001 15:22:29 -0700 Message-Id: <200110222222.f9MMMTW10681@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 22 Oct 2001 15:22:28 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Malicious.program.tries.to.steal.credit.cards,.but.not.getting.far.] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit No victims in Red Cross virus scam Malicious program tries to steal credit cards, but not getting far. Recipients of the Septer.Trojan receive this realistic-looking form soliciting donations. The information is actually uploaded to a virus-writer's Web site. By Bob Sullivan MSNBC Oct. 22 — There’s a new malicious computer program designed to prey on people’s generosity towards the American Red Cross. The program, called “Septer.Trojan,” arrives as an e-mail and attempts to trick recipients into filling out a form with credit card information. The Red Cross has warned Net users to delete any such an e-mail solicitation, since the agency doesn’t ask for money that way. Meanwhile, antivirus firms rate Septer.Trojan a low risk because it hasn’t spread quickly. THE RED CROSS says there are no known victims of the Trojan “We have not had any individual cases that have been reported to us,” said Kelly Alexander, spokesperson for the Red Cross. Septer.Trojan comes in the form of an executable file attached to an e-mail message. Upon execution, the user is presented with a donation request form to fill out. The e-mail appears to come from the American Red Cross, United Way and the September 11th Fund. Once the form is complete, the personal and confidential information on the form is uploaded to a non-Red Cross Web site, according to the Red Cross. Septer.Trojan is the second malicious program published in an effort to capitalize on the Sept. 11 attack against the United States. In late September, a virus named “Vote” — which offered recipients the chance to vote for “peace between America and Islam” — made the rounds briefly. It also was a low risk and infected few users. Vincent Gullatto, senior director of research at McCafee Corp.’s antivirus lab, said he didn’t think Internet users were likely to fall for such scams. “I think perhaps earlier in the month closer to attack,” sympathetic Net users might have been tricked by such an e-mail, Gullatto said. “But not now. As time has gone on there’s been a lot of talk about cyberterrorism. People may be a little more aware of things happening right now. ... I don’t think they would believe the Red Cross would send out such an e-mail.” The Red Cross says it is currently only accepting credit card donations on its Web site and on a few partner Web sites: www.amazon.com www.aol.com www.paypal.com www.wellsfargo.com www.yahoo.com www.helping.org www.libertyunites.org www.1800flowers.com <a href="http://www.msnbc.com/news/646075.asp?0na=23027C0">http://www.msnbc.com/news/646075.asp?0na=23027C0>- -------------------------------------------------- Get more bang for your buck with TopOffers! It's the best bargains, bar none! Choose your favorite TopOffers now and collect a SPECIAL BONUS! <a href="http://click.topica.com/caaadS0b1dhr0b1uN4If/Topica">http://click.topica.com/caaadS0b1dhr0b1uN4If/Topica> -------------------------------------------------- --via http://techPolice.com archive: http://theMezz.com/cybercrime/archive subscribe: <a href="mailto:cybercrime-alerts-subscribe@topica.com?Subject=Re:%20*%20cybercrime-alerts%20*%20Malicious%20program%20tries%20to%20steal%20credit%20cards%2526In-Reply-To=%2526lt;0.1700021638.587541121-212058698-1003787471@topica.com">cybercrim e-alerts-subscribe@topica.com</a> --via http://theMezz.com ==^================================================================ EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b1uN4I Or send an email To: <a href="mailto:cybercrime-alerts-unsubscribe@topica.com?Subject=Re:%20*%20cybercrime-alerts%20*%20Malicious%20program%20tries%20to%20steal%20credit%20cards%2526In-Reply-To=%2526lt;0.1700021638.587541121-212058698-1003787471@topica.co m">cybercrime-alerts-unsubscribe@topica.com</a> This email was sent to: <a href="mailto:fc@all.net?Subject=Re:%20*%20cybercrime-alerts%20*%20Malicious%20program%20tries%20to%20steal%20credit%20cards%2526In-Reply-To=%2526lt;0.1700021638.587541121-212058698-1003787471@topica.com">fc@all.net</a> T O P I C A -- Register now to manage your mail! <a href="http://www.topica.com/partner/tag02/register">http://www.topica.com/partner/tag02/register> ==^================================================================ ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST