[Tfug] Exploiting docs.google.com

[Brian Murphy]

Quoting erich <erich1 at copper.net>:
> OK,
>          I have a acquaintance of mine who is frantic. He has a Yahoo
> web mail account, and in the past week an agent apparently originating
> from Yahoo has used his address book to send spam.

Is your acquaintance into social networking?

http://www.dailytech.com/article.aspx?newsid=15663

Yahoo and hotmail must have APIs of some sort for this to work.  Or
maybe they're really determined screen-scrapers.

Brian



>          In it's most recent attack attempt, it sends a message with a link
> to a place in docs.google.com that displays this ad for some gambling
> website. You click on the display ad and it attempts to download
> a *.exe to your computer. In other words the attacker is using Google
> to:
>               1) Display a socially-engineered ad to lure someone.
>
>               2) Harbor a malicious *.exe to download.
>
>           Never mind Google. Can some agent within Yahoo grab your
> e-mail address list for an exploit?
>
>                                                                   Erich
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org




The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of
Arizona.