Skip to main content

Fwd: [CSSAMSU] Another attack using Linked In

---------- Forwarded message ----------
From: Jerry McAllister <jerrymc@msu.edu>
Date: Tue, Dec 13, 2011 at 12:21 PM
Subject: [CSSAMSU] Another attack using Linked In
To: CSSAMSU@list.msu.edu


Hi Everyone,

There is another attack also going around.  It uses several names
although the one I am seeing today and yesterday is LinkedIn.
It does not come via LinkedIn  or from any of the other addresses
it tries to fake.   The real From entry in the Email header is
a pc somewhere which was probably attacked.   The attack worked on
that person's computer and now it is using that system to spread
the attack to others.

Again, do NOT open these Emails if you can help it.  Some of them have
code embedded in the message itself to attack your machine.   ALso, do NOT
go to any addresses they give you or use any so-called 'Transaction ID'
numbers they name.   They are fake.

If you have opened the message or looked at any addresses they have,
then you again need to take your machine off the network and get it
cleaned, either by a good anti-virus repair program or taking it in
to the help room on the first floor of the Computer Center Building.

Sorry to have to bother you with so many of these, but it is important
to be careful.  These attacks can damage your files and steal personel
information that they can use to steal from your bank and credit accounts.

Following is a sample of some of the text that tends to come with
this attack.   I have seen several similar ones that vary in the
names and numbers they use, trying to make it fool people.

Good luck,

////jerry

  Example of one of the attack messages
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

In this example the faked from address was:
 "LinkedIn" <linkedin@em.linkedin.com>

The real from address was:
  courtneyy4@rotatrim.com

Who is probably an innocent victim, although that address could even
have been faked.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


       NACHA - The Electronic Payments Association


   The ACH  transaction (ID: 72554624690717), recently  initiated from your
 checking account (by you or any other person), was  canceled by the other
 financial institution.
    Rejected  transaction


       Transaction ID:
       72554624690717


       Reason of rejection
       See details in the report below


       Transaction Report
       report_72554624690717.doc (Microsoft Word Document)


  13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171  (703) 561-1100
   &copy; 2011 NACHA - The Electronic Payments Association


----- End forwarded message -----

================================================================
To Subscribe or Unsubscribe CSSAMSU mailing list, please go to:

    http://list.msu.edu/archives/cssamsu.html

Click "Join or leave the list". For further assistance, please
contact Jerry McAllister jerrymc@msu.edu
================================================================

Comments

Post a Comment

https://gengwg.blogspot.com/

Popular posts from this blog

CKA Simulator Kubernetes 1.22

  https://killer.sh Pre Setup Once you've gained access to your terminal it might be wise to spend ~1 minute to setup your environment. You could set these: alias k = kubectl                         # will already be pre-configured export do = "--dry-run=client -o yaml"     # k get pod x $do export now = "--force --grace-period 0"   # k delete pod x $now Vim To make vim use 2 spaces for a tab edit ~/.vimrc to contain: set tabstop=2 set expandtab set shiftwidth=2 More setup suggestions are in the tips section .     Question 1 | Contexts Task weight: 1%   You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl . Finally write a second command doing the same thing into ...
Post a Comment
Read more

OWASP Top 10 Threats and Mitigations Exam - Single Select

Last updated 4 Aug 11 Course Title: OWASP Top 10 Threats and Mitigation Exam Questions - Single Select 1) Which of the following consequences is most likely to occur due to an injection attack? Spoofing Cross-site request forgery Denial of service   Correct Insecure direct object references 2) Your application is created using a language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application? Injection   Correct Insecure direct object references Failure to restrict URL access Insufficient transport layer protection 3) Which of the following scenarios is most likely to cause an injection attack? Unvalidated input is embedded in an instruction stream.   Correct Unvalidated input can be distinguished from valid instructions. A Web application does not validate a client’s access to a resource. A Web action performs an operation on behalf of the user without checkin...
2 comments
Read more