Websense Alert: Dell lure installing Trojan Horse

Websense Security Labs has received reports of a new email campaign starting in Australia that attempts to lure users to connecting to a malicious website. The Australia CERT has reported emails that are spoofing the Dell online store. The emails claim that the user is being charged for a camera purchase and requests they connect to a site in order to view their profile. The site is encoding there code via Java Script which decodes to 8 different IFRAMES, all which attempt to load exploit code and download and install new malicious code. The site itself appears to be going up and down sporadically.


See: http://www.auscert.org.au/render.html?it=7595
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=774


See also Dell’s recent blog:
http://direct2dell.com/one2one/archive/2007/05/16/15050.aspx


Note:  Dell advised users last year on similar phished message to visit their http://www.dell.com/spoof on how to protect.

Leave a Reply