[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OT - AIM] Disguised URL's In AIM's and Counterfeit Pay PalEmails
IIRC, pif ==> Program Information File.
The info it needs to execute the exe
Cheers
Marc
>
> well the pif is just a shortcut to the actual executable
>
> On 1/18/06, Allyn <amalventano1@tds.net> wrote:
> > That may be the windows metafile exploit, but I hadnt seen one disguised
> as a
> > .pif, nor did I think it could work if it was opened as such.
> >
> > For those who don't know about this:
> > http://www.microsoft.com/technet/security/advisory/912840.mspx
> > And the patch is available here:
> > http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
> > HTH
> > Al
> >
> > > -----Original Message-----
> > > From: scirocco-l-bounces+amalventano1=tds.net@scirocco.org
> > > [mailto:scirocco-l-bounces+amalventano1=tds.net@scirocco.org]
> > > On Behalf Of Peter
> > > Sent: Wednesday, January 18, 2006 2:57 AM
> > > To: 'Scirocco list'
> > > Subject: [OT - AIM] Disguised URL's In AIM's and Counterfeit
> > > Pay Pal Emails
> > >
> > > Check this AIM message out, and it's happened several times
> > > before, from other unknown senders:
> > >
> > > vwdubnut85: should i put these pictures of us on myspace or
> > > facebook?
> > > http://photobucket.com/NewPictures/pic20.jpg
> > >
> > > thesciroccocom: Nice try:
> > > http://download.pinkiespalace.net/picture01.pif
> > >
> > > I clicked to show the hyperlink, and this is what the
> > > seemingly harmless photobucket URL actually is:
> > > http://download.pinkiespalace.net/picture01.pif
> > >
> > > This is probably nothing, but when the url is disguised, it
> > > makes me suspicious.
> > > In the past .jpg's have turned into .exe's and so on.
> > >
> > > This is also really common with all the Pay Pal spoofs;
> > > [mailto:spoof@paypal.com]
> > >
> > >
> > > Peter
> > > http://thescirocco.com/
> > >
> > > Please! Include the previous text in your reply...
> > >
> > >