iDeceive: Hijack Alert: talian pensioner dies hoisting flag for final game

2006-07-13

Hijack Alert: talian pensioner dies hoisting flag for final game

Here's another instance of "sensational news" being used as bait to lure people to a website armed and loaded with Web-Attacker, a piece of software designed to compromise computers and place them under the control of another party. The spam itself looks like so.

World-Soccer News

"World-Cup'2006 Germany" scandals and afterparty news!

July 9-10:

Italy lift Cup, bitter end for Zidane

Italy lifted the World Cup for the fourth time on Sunday, beating France on penalties in a match that will be remembered for Zinedine Zidane's sending off for butting an opponent..

Italian pensioner dies hoisting flag for final

A 77-year-old Italian pensioner fell off a ladder and died as he tried to attach Italy's flag to a pole ahead of Sunday's World Cup final against France...

Italy welcomes diversion of Azzurri glory

Hundreds of thousands of Italians gathered on Monday in Circus Maximus, one of ancient Rome's most famous stadiums, to fete their...

Wor ld-Cup reaches climax with Italy-France final
The world's most-watched sporting event reaches its climax on Sunday when Italy take on France in the World Cup final in Berlin.

Fresh news and more - on World-Soccer News!

Send
This link to your friends!

© 2006 World-Soccer

Note the invitation to mail the link to your friends. Spread the disease, if you please, except that the link there is "world-of-soccer.org" for some reason. Anyhow, the trail is fairly typical for this sort of thing. The "world-of-soccer.biz" (and ".org") website uses frame-wrapping to hold "http://soccer-2006germany.com/". That site in turn starts with a tremendously obfuscated piece of Javascript which ultimately produces a page of soccer-related information.

Unbeknownst to the casual viewer, however, it also loads two invisible frames which incorporate Web-Attacker. One is at http://www.soccer-2006germany.com/go.php, and the other is at http://www.extechweb.com/go.php. These ultimately redirect to Web-Attacker's attack-mode script. The statistics screen for the Web-Attacker instances can be found at http://www.soccer-2006germany.com/cgi-bin/ie0606.cgi and http://www.extechweb.com/cgi-bin/ie0606.cgi, respectively. You'll have to guess the password to do anything useful beyond that point, however.

No comments:

Post a Comment

A Simple Warning

With the increasing number of laws against spam around the globe, the trend has not been for spam to decrease, but rather for more and more spam to be criminally motivated. Therefore, do not respond to spam. Do not follow links in spam. Do not purchase anything advertised by spam. Do not pursue job offers that arrive via spam. Do not believe that your bank sent you that account closure warning. Don't act on that "hot stock tip" you didn't solicit. Do not attempt to collect lottery winnings from lotteries you didn't enter, and don't assist in the relocation of millions of dollars even if it's offered by a poor widow or orphan who wants you to use it for the Lord's work. Assume that the spammer is a crook who wants to fleece you six ways to Sunday. You'll be much, much safer that way.

iDeceive

Current Status

2006-07-13

Hijack Alert: talian pensioner dies hoisting flag for final game

No comments:

Contact iDeceive

A Simple Warning

Blog Archive

Informative Links

See Also

Specialised Spam Archives

Suckers Wanted

Copyright Notice