Dutchies, probably new phishing

Discussion in 'malware problems & news' started by FanJ, Mar 22, 2007.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    In Dutch and in English:

    English:

    I've just seen an email in my Mailwasher Pro.
    It "looks" like it is coming from a Dutch bank ABNAmro.
    The mail is in Dutch.
    It is about a new SSL3 protocol.
    Attached seems to be a file ms_ssl3_upd.exe
    This can't be true.
    I haven't yet opened it.

    Here is the text of the email (originally in Dutch, translated here):

    ===

    Dear user!

    Our bank regularly keeps watch over the latest advances in the fight against net pirates and always takes preventive measures to protect its customers against braggers. A group of specialists in the field of computer security has learned of a serious flaw in the SSL protocol, which can be used by a hacker to gain access to your bank account.

    Starting tomorrow, a new protocol, SSL3, which is currently considered the most secure, will be put into use in the access system for customer accounts. Customers who use Internet browsers without SSL3 will therefore not be able to access their bank accounts via the Internet.

    You need to update your browser. Our specialists have worked out the updates for all browser types. The update is enclosed with this letter. You only have to start the program module and the update will be saved automatically.

    The program module ms_ssl3_upd.exe is enclosed.

    Thank you for your support and we hope to continue working with you.

    ===
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Save that file to disk (don't execute it), upload it to VirusTotal and Jotti.
    Then, send it compressed and password-protected to AV companies with a short description in the body message.
     
    Last edited: Mar 22, 2007
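
The triage step lucas1985 describes (handle the attachment without executing it) as an added example that is not part of any forum post: it extracts attachments from a raw message, flags executable extensions and the `MZ` header, and computes the SHA-256 to quote when reporting the sample. The message, addresses and attachment bytes are constructed, and the function names are hypothetical.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions commonly blocked as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def build_sample_message() -> bytes:
    """Constructed sample: harmless bytes that merely begin with 'MZ'."""
    msg = EmailMessage()
    msg["From"] = "bank@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "SSL3 update"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="ms_ssl3_upd.exe")
    return msg.as_bytes()


def triage_attachments(raw: bytes) -> list[dict]:
    """Describe each attachment without writing it to disk or running it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        findings.append({
            "filename": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            # The name can be changed freely, so check the content too.
            "exe_extension": ext in EXECUTABLE_EXTS,
            "mz_header": data[:2] == b"MZ",
        })
    return findings


if __name__ == "__main__":
    for finding in triage_attachments(build_sample_message()):
        print(finding)
```
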
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
  4. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    I guess to follow soon one from Barclays ;)
    (by the way I get warned of this via my handy, but a little late. I read about it 24 hours before my handy warning)

    Gerard
     
  5. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    I got a phish Barclays mail last week at work. Forwarded it to Barclays security. Pretty amateurish one though.
     
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Hi Jan (FanJ),

    I am sure you have noticed that is pretty poor Dutch language. :D

    Gerard
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Yeah, makes you wonder how they ended up using:

    "protecting our customers against braggers" :cautious:
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Hi Lucas,

    Thanks; that was exactly what I was planning to do ( ;) ), but other things got in the way before I had the opportunity to look further at it.

    Hi Pieter and Gerard,
    Sorry it took a while before I could look into it further.
    Thanks for your messages!
    Pieter, it's really about time I showed my face there too :oops:
    Do I understand correctly that there isn't much point anymore in sending the file to the various AV/AT/AS firms?
    LOL Gerard, I thought something like that right away too.

    Regards, Jan.
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    The file was made available to the AV's FanJ. :)
    dvk01 helped me do that, since I was at work when I got that mail.

    Regards,

    Pieter
     
  10. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    OK, thanks a lot Pieter (and Derek) !
     
  11. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    I guess it is well known now everywhere ;)
    Greetz,

    Gerard
     
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Hi,

    In the meantime I understood that today a warning was broadcast here in Holland on the radio.

    The filename of the nasty that I got, is: 599.exe

    ~ Online virus scan results removed. Please send any samples to the respective antivirus vendors. Menorcaman ~
     
    Last edited by a moderator: Mar 22, 2007