Offshoreonly.com

Offshoreonly.com (https://www.offshoreonly.com/forums/)
-   General Boating Discussion (https://www.offshoreonly.com/forums/general-boating-discussion-51/)
-   -   OT - Ebay scam emails get dangerous.... (https://www.offshoreonly.com/forums/general-boating-discussion/66657-ot-ebay-scam-emails-get-dangerous.html)

C_Spray 12-18-2003 04:30 PM
OT - Ebay scam emails get dangerous....
 
Heads up, everybody:


Cayam worm targets eBay users

Dec 16 2003

A mass-mailing email worm that also spreads via P2P networks targets eBay users in a fashion similar to Mimail.J's targeting of PayPal users. The worm, dubbed W32.HLLW.Cayam@mm by antivirus vendor Symantec, was discovered on December 16, 2003. Users who open the Cayam worm will be presented with a screen that mimics the look and feel of the legitimate eBay site. Information requested by the worm includes the user's eBay login ID and password, credit card and banking details, social security number and other personal financial details. Inputting this information provides the Cayam worm author with more than enough details to pull off credit card fraud or even complete identity theft.

Via email, the worm arrives as an attachment named eBayVerify.exe. Via KaZaA and eMule P2P networks, the worm disguises itself as Mayacrack.exe and 3dsmaxcrack.exe, respectively. Crack programs are frequently sought after on filesharing networks by users who wish to illegally break into copies of software in violation of copyright. There is an odd sort of irony to a worm which attempts to steal financial details from persons who are stealing software.

Using addresses found in the Windows address book, the Cayam worm composes and sends itself via email as follows:

Subject: Verify your eBay account information

Dear Ebay user,
Dear valued member, It has come to our attention that your eBay Billing Information records are out of date. That requires you to update the Billing Information If you could please take 5-10 minutes out of your online experience and update your billing records, you will not run into any future problems with eBay`s online service. However, failure to update your records will result in account termination. Please update your records in maximum 24 hours. Once you have updated your account records, your eBay session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems.

Please open attachment to update your billing records.

Thank you for your time!

Marry Kimmel,

Method of infection
The Cayam worm drops copies of itself as follows:

C:\Windows\Msfind32.exe
C:\eBayVerify.exe
C:\Program Files\Kazaa\My Shared Folder\Mayacrack.exe
C:\Program Files\eMule\Incoming\3dsmaxcrack.exe

The Cayam worm modifies the following system Registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce

adding the following value:

"MSFind32"="c:\windows\msfind32.exe"

allowing the worm to load when the sytem is rebooted and Windows starts.

Removing the worm
Locate and delete the Registry edits made by the worm. Locate and delete the files dropped by the worm.

wwwTOPDJcom 12-18-2003 04:49 PM
good info C Spray , you should never open a attachment even if its from someone you know
without using a Virus scan, Norton or Mcaffe
Both have active scanning of your email or files
entering your computer. Just remeber viruses will use your friends address book to replicate themself, most people feel its ok to open files without scanning them from their friends and relatives.

wannabe 12-19-2003 07:31 AM
ttt
 
ttt


All times are GMT -5. The time now is 03:46 PM.


Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.