From: Pau A. <pa...@gu...> - 2011-07-16 15:15:38
|
On Fri, July 15, 2011 11:33 pm, Geert Mak wrote: > spamassassin decided this is spam? A quick look through the email says SA is very likely right (technically, it's a phishing attempt, not spam, but...) > Begin forwarded message: > >> From: "Squirrel Mail Development Team"<ldt...@3m...> Wrong sender email address, wrong spelling (it's squirrelmail, not "squirrel mail") >> To: undisclosed-recipients:; Missing recipient email address (should have the SM announce list there) >> Subject: UPDATE YOUR E-MAIL SECURITY IMMEDIATELY (IUEU) All-caps subject, missing the list header (the equivalent of [SM-DEVEL] for the announce list) >> Dear E-Mail User >> >> Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are forced >> to release 1.4.15 Quick quiz: what's the latest 1.4.x release? (hint: it was announced less than 3 weeks ago) to ensure no confusions. While initial review didn't >> uncover a need for concern, several proof of concepts show that the >> package alterations introduce a high risk security issue, allowing >> remote inclusion of files. These changes would allow a remote user the >> ability to execute exploit code on a victim machine, without any user >> interaction on the victim's server. This could grant the attacker the >> ability to deploy further code on the victim's server. Wording/grammar scream "ESL speaker" to me (this isn't bad per se, and wouldn't prove anything by itself, but it's another indication that something's off). >> So upgrade to Squirrel Mail Development Team by click Squirrel Mail >> Login SquirrelMail 1.4.15 Released I'm guessing there was a link to an attack/compromised/phishing webpage there. |