What exploit is this?

Boss Hoss · 06-09-2004, 10:11 PM

I have some clients getting emails with the following type link in the email:

http://www.domain.com/inbox/info/rea...essionid-29930 <cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re>

what kind of exploit is this? I used to get them too but my spam filtering kills them now.

J.W. · 06-10-2004, 12:46 AM

You probably want to post this question over in the Security forum. Ask the moderator to move it there, and you probably will get the answer you seek. -- J.W.

XavierP · 06-10-2004, 02:50 AM

Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.

Kroppus · 06-10-2004, 04:30 PM

I think that's just another way to scam you for a valid e-mail, with username and password.
I've gotten a few of them on my yahoo account..

you'd better take a look at www.rootexploit.org
there's bound to be something about it there

chort · 06-10-2004, 05:35 PM

Usually links with embedded object or handler tags are Windows-specific exploits (the cid:). Nothing really to worry about if you're not using Windows, but just remember to not click on links in e-mail.

Edit: Oh, looking at it again (with inbox/read.php stuff) it's probably a Squirrelmail Cross Site Scripting (XSS) attack. There have been several recent vulnerabilities in Squirrelmail. So my first advice was very relevant: don't click links in e-mail!.

benjithegreat98 · 06-11-2004, 01:00 PM

This is more that likely the Netsky virus (may have been one of the other big ones.... I don't really feel like verifying that). This is just one of the fun messages that you get in your inbox because of it. Like you've heard a million times: Don't open the attachment (in this case link)

chort · 06-11-2004, 06:16 PM

Actually, benji is right. I looked it up and it is indeed NetSky.