OT - Ebay scam emails get dangerous....

Old 12-18-2003, 04:30 PM
  #1  
C_Spray's Avatar
 
Join Date: Oct 2000
Location: Coastal North Carolina
Posts: 4,808

Heads up, everybody:


Cayam worm targets eBay users

Dec 16 2003

A mass-mailing email worm that also spreads via P2P networks targets eBay users in a fashion similar to Mimail.J's targeting of PayPal users. The worm, dubbed W32.HLLW.Cayam@mm by antivirus vendor Symantec, was discovered on December 16, 2003. Users who open the Cayam worm will be presented with a screen that mimics the look and feel of the legitimate eBay site. Information requested by the worm includes the user's eBay login ID and password, credit card and banking details, social security number and other personal financial details. Inputting this information provides the Cayam worm author with more than enough details to pull off credit card fraud or even complete identity theft.

Via email, the worm arrives as an attachment named eBayVerify.exe. Via KaZaA and eMule P2P networks, the worm disguises itself as Mayacrack.exe and 3dsmaxcrack.exe, respectively. Crack programs are frequently sought after on filesharing networks by users who wish to illegally break into copies of software in violation of copyright. There is an odd sort of irony to a worm which attempts to steal financial details from persons who are stealing software.

Using addresses found in the Windows address book, the Cayam worm composes and sends itself via email as follows:

Subject: Verify your eBay account information

Dear Ebay user,
Dear valued member, It has come to our attention that your eBay Billing Information records are out of date. That requires you to update the Billing Information If you could please take 5-10 minutes out of your online experience and update your billing records, you will not run into any future problems with eBay`s online service. However, failure to update your records will result in account termination. Please update your records in maximum 24 hours. Once you have updated your account records, your eBay session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems.

Please open attachment to update your billing records.

Thank you for your time!

Marry Kimmel,

Method of infection
The Cayam worm drops copies of itself as follows:

C:\Windows\Msfind32.exe
C:\eBayVerify.exe
C:\Program Files\Kazaa\My Shared Folder\Mayacrack.exe
C:\Program Files\eMule\Incoming\3dsmaxcrack.exe

The Cayam worm modifies the following system Registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

adding the following value:

"MSFind32"="c:\windows\msfind32.exe"

allowing the worm to load when the system is rebooted and Windows starts.

Removing the worm
Locate and delete the Registry edits made by the worm. Locate and delete the files dropped by the worm.
__________________
Retired! Boating full-time now.
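
The removal steps in the post above, as an added PowerShell example that is not part of the original post or the quoted advisory. It looks only for the file paths and the "MSFind32" Run/RunOnce value named in the post, reports what it finds, and deletes only when run with the -Remove switch (a name chosen for this example).

```powershell
# Added example: checks for the Cayam indicators listed in the post above.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)   # -Remove is this example's own switch name

# Indicators copied from the advisory text in the post.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$valueName = 'MSFind32'
$droppedFiles = @(
    'C:\Windows\Msfind32.exe',
    'C:\eBayVerify.exe',
    'C:\Program Files\Kazaa\My Shared Folder\Mayacrack.exe',
    'C:\Program Files\eMule\Incoming\3dsmaxcrack.exe'
)

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    # -contains is case-insensitive, matching how registry value names behave.
    if ($props.PSObject.Properties.Name -contains $valueName) {
        $findings += [pscustomobject]@{ Type = 'RegistryValue'; Location = $key; Detail = $props.$valueName }
        if ($Remove -and $PSCmdlet.ShouldProcess("$key\$valueName", 'Remove autorun value')) {
            Remove-ItemProperty -LiteralPath $key -Name $valueName
        }
    }
}

foreach ($file in $droppedFiles) {
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        # Record a hash before deleting so the finding can be documented afterwards.
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Location = $file; Detail = "SHA256 $hash" }
        if ($Remove -and $PSCmdlet.ShouldProcess($file, 'Delete dropped file')) {
            Remove-Item -LiteralPath $file -Force
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Cayam indicators from the post were found.' }
```

Run it from an elevated prompt with no switch to report only; adding -Remove -WhatIf previews the deletions without making them.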
Old 12-18-2003, 04:49 PM
  #2  
wwwTOPDJcom's Avatar
 
Join Date: Mar 2002
Location: Vestal/Binghamton NY
Posts: 3,514

Good info, C Spray. You should never open an attachment, even if it's from someone you know, without using a virus scan, Norton or McAfee. Both have active scanning of your email or files entering your computer. Just remember viruses will use your friend's address book to replicate themselves; most people feel it's OK to open files without scanning them from their friends and relatives.
Old 12-19-2003, 07:31 AM
  #3  
Registered
 
Join Date: Jul 2002
Location: Troy, Mich
Posts: 2,728

ttt