[Tfug] Exploiting docs.google.com

erich erich1 at copper.net
Wed Jul 15 11:07:09 MST 2009 

No,
       He doesn't use Tagged, but I myself got spams from ANOTHER 
acquaintance which
said "tagged" on them. I called him on the phone, and he was very 
embarrassed. It seems
that some agent absconded with his address book, and was sending 
messages saying
"roy has tagged you" to all his friends/business associates. They 
stopped coming
about a year ago.
       I don't belong to any social networking sites. However I am under 
increasing
social pressure to join one of them. :/

                                                                              
Erich


Brian Murphy wrote:
> Quoting erich <erich1 at copper.net>:
>> OK,
>>          I have a acquaintance of mine who is frantic. He has a Yahoo
>> web mail account, and in the past week an agent apparently originating
>> from Yahoo has used his address book to send spam.
>
> Is your acquaintance into social networking?
>
> http://www.dailytech.com/article.aspx?newsid=15663
>
> Yahoo and hotmail must have APIs of some sort for this to work.  Or
> maybe they're really determined screen-scrapers.
>
> Brian
>
>
>
>>          In it's most recent attack attempt, it sends a message with 
>> a link
>> to a place in docs.google.com that displays this ad for some gambling
>> website. You click on the display ad and it attempts to download
>> a *.exe to your computer. In other words the attacker is using Google
>> to:
>>               1) Display a socially-engineered ad to lure someone.
>>
>>               2) Harbor a malicious *.exe to download.
>>
>>           Never mind Google. Can some agent within Yahoo grab your
>> e-mail address list for an exploit?
>>
>>                                                                   Erich
>>
>> _______________________________________________
>> Tucson Free Unix Group - tfug at tfug.org
>> Subscription Options:
>> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
>
>
> The opinions or statements expressed herein are my own and should not be
> taken as a position, opinion, or endorsement of the University of
> Arizona.
>
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>

More information about the tfug mailing list