[iwar] [fc:Malicious.program.tries.to.steal.credit.cards,.but.not.getting.far.]

From: Fred Cohen (fc@all.net)
Date: 2001-10-22 15:22:28


Return-Path: <sentto-279987-3269-1003789332-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Mon, 22 Oct 2001 15:23:11 -0700 (PDT)
Received: (qmail 15710 invoked by uid 510); 22 Oct 2001 22:21:42 -0000
Received: from n7.groups.yahoo.com (216.115.96.57) by 204.181.12.215 with SMTP; 22 Oct 2001 22:21:42 -0000
X-eGroups-Return: sentto-279987-3269-1003789332-fc=all.net@returns.onelist.com
Received: from [10.1.4.52] by n7.groups.yahoo.com with NNFMP; 22 Oct 2001 22:22:12 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_0_1); 22 Oct 2001 22:22:12 -0000
Received: (qmail 8403 invoked from network); 22 Oct 2001 22:22:11 -0000
Received: from unknown (10.1.10.26) by m8.onelist.org with QMQP; 22 Oct 2001 22:22:11 -0000
Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1 with SMTP; 22 Oct 2001 22:22:11 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9MMMTW10681 for iwar@onelist.com; Mon, 22 Oct 2001 15:22:29 -0700
Message-Id: <200110222222.f9MMMTW10681@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Mon, 22 Oct 2001 15:22:28 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Malicious.program.tries.to.steal.credit.cards,.but.not.getting.far.]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit

No victims in Red Cross virus scam

Malicious program tries to steal credit cards, but not getting far.

Recipients of the Septer.Trojan receive this realistic-looking form soliciting donations. 
The information is actually uploaded to a virus-writer's Web site.

By Bob Sullivan MSNBC

Oct. 22 —  There’s a new malicious computer program designed to prey on people’s 
generosity towards the American Red Cross. The program, called “Septer.Trojan,” arrives 
as an e-mail and attempts to trick recipients into filling out a form with credit 
card information. The Red Cross has warned Net users to delete any such an e-mail 
solicitation, since the agency doesn’t ask for money that way. Meanwhile, antivirus 
firms rate Septer.Trojan a low risk because it hasn’t spread quickly.

        THE RED CROSS says there are no known victims of the Trojan

       “We have not had any individual cases that have been reported to us,” said 
Kelly Alexander, spokesperson for the Red Cross.

       Septer.Trojan comes in the form of an executable file attached to an e-mail 
message. Upon execution, the user is presented with a donation request form to fill 
out. The e-mail appears to come from the American Red Cross, United Way and the September 
11th Fund. Once the form is complete, the personal and confidential information on 
the form is uploaded to a non-Red Cross Web site, according to the Red Cross.

       Septer.Trojan is the second malicious program published in an effort to capitalize 
on the Sept. 11 attack against the United States. In late September, a virus named 
“Vote” — which offered recipients the chance to vote for “peace between America and 
Islam” — made the rounds briefly. It also was a low risk and infected few users.

       Vincent Gullatto, senior director of research at McCafee Corp.’s antivirus 
lab, said he didn’t think Internet users were likely to fall for such scams.

   “I think perhaps earlier in the month closer to attack,” sympathetic Net users 
might have been tricked by such an e-mail, Gullatto said. “But not now. As time has 
gone on there’s been a lot of talk about cyberterrorism. People may be a little more 
aware of things happening right now. ... I don’t think they would believe the Red 
Cross would send out such an e-mail.”

           The Red Cross says it is currently only accepting credit card donations 
on its Web site and on a few partner Web sites:

www.amazon.com
 www.aol.com
 www.paypal.com
 www.wellsfargo.com
 www.yahoo.com
 www.helping.org
 www.libertyunites.org
 www.1800flowers.com


<a href="http://www.msnbc.com/news/646075.asp?0na=23027C0">http://www.msnbc.com/news/646075.asp?0na=23027C0>-

--------------------------------------------------
Get more bang for your buck with TopOffers!
It's the best bargains, bar none!
Choose your favorite TopOffers now
and collect a SPECIAL BONUS!
<a href="http://click.topica.com/caaadS0b1dhr0b1uN4If/Topica">http://click.topica.com/caaadS0b1dhr0b1uN4If/Topica>
--------------------------------------------------

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: <a href="mailto:cybercrime-alerts-subscribe@topica.com?Subject=Re:%20*%20cybercrime-alerts%20*%20Malicious%20program%20tries%20to%20steal%20credit%20cards%2526In-Reply-To=%2526lt;0.1700021638.587541121-212058698-1003787471@topica.com">cybercrim
e-alerts-subscribe@topica.com</a>
--via http://theMezz.com

==^================================================================
EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b1uN4I
Or send an email To: <a href="mailto:cybercrime-alerts-unsubscribe@topica.com?Subject=Re:%20*%20cybercrime-alerts%20*%20Malicious%20program%20tries%20to%20steal%20credit%20cards%2526In-Reply-To=%2526lt;0.1700021638.587541121-212058698-1003787471@topica.co
m">cybercrime-alerts-unsubscribe@topica.com</a>
This email was sent to: <a href="mailto:fc@all.net?Subject=Re:%20*%20cybercrime-alerts%20*%20Malicious%20program%20tries%20to%20steal%20credit%20cards%2526In-Reply-To=%2526lt;0.1700021638.587541121-212058698-1003787471@topica.com">fc@all.net</a>

T O P I C A -- Register now to manage your mail!
<a href="http://www.topica.com/partner/tag02/register">http://www.topica.com/partner/tag02/register>
==^================================================================

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST