Full Disclosure mailing list archives

New Social Engineering for MS03-32


From: "Michael Tighe" <mtighe () appliedmessaging com>
Date: Mon, 29 Sep 2003 10:52:06 -0400

I got "interesting" email this weekend.  Someone is
suggesting that I go to their site to send an email
greeting card to someone and use that to SPY on them:

        "Spy on Anyone by sending them an Email-Greeting Card! 
        Spy Software records their emails, Hotmail, Yahoo, 
        Outlook, ACTUAL Computer Passwords, Chats, Keystrokes, 
        PLUS MORE..
 
        Check up on your SPOUSE, KIDS, or EMPLOYEES!
        Follow This Link To Begin... "

This has two layers of social engineering: one, it causes
you to click on a link.  If you've not got a completely
good patch for (or are not immune to) the MS IE ObjectTag bug
(http://www.microsoft.com/technet/security/bulletin/MS03-032.asp),
then you can catch something.

But even if they are offering a valid service, it looks
like what they are doing is capitalizing on the fact that
your "anyone" isn't patched either - because by getting them
to open your greeting card, you can use MS03-32 to install
spyware.

Yeesh!

PS: the URL in my email appears to be 

       http://www.goohle.us/index.php?afil=1025

Your mileage may vary.  I liked that the DOMAIN name was
"goohle" rather than "google".  I almost didn't notice 
the misspelling.  A preliminary look suggests that 
"goohle" is used as a keyword for pictures and websites
of a specific sort.

-- Michael Tighe
email: tighe () appliedmessaging com
phone: 781-676-6700
MSN Messenger: tighe () appliedmessaging com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
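
The near-miss domain name noted in the PS is something a mail filter can check for mechanically. The following is an added example, not part of the original post: it flags link domains that are exactly one edit away from a watched name. The watch list, the function names and the naive handling of the TLD are assumptions of this example.

```python
from urllib.parse import urlsplit

# Names to protect: an assumed watch list for this example.
WATCHED = ("google", "hotmail", "yahoo")

# QWERTY rows, used to tell a fat-finger substitution from an arbitrary one.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def key_neighbours(a, b):
    """True if a and b sit next to each other on the same QWERTY row."""
    for row in ROWS:
        if a in row and b in row:
            return abs(row.index(a) - row.index(b)) == 1
    return False


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_label(url):
    """Label left of the TLD; naive, ignores multi-part suffixes like co.uk."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host


def check_link(url, watched=WATCHED):
    """Return (name, reason) if the URL's domain is one edit from a watched name."""
    label = domain_label(url)
    if label in watched:
        return None  # exact match: the real name, not a lookalike
    for name in watched:
        if edit_distance(label, name) != 1:
            continue
        if len(label) != len(name):
            return name, "one character added or dropped"
        seen, real = next((x, y) for x, y in zip(label, name) if x != y)
        kind = "adjacent-key swap" if key_neighbours(seen, real) else "substitution"
        return name, f"{kind} '{real}'->'{seen}'"
    return None
```

A hit is a reason to quarantine or warn, not proof of malice; legitimate domains can sit one edit away from a watched name.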

