[SGVLUG] Social engineering done right...

matti mathew_2000 at yahoo.com
Thu Mar 16 11:37:04 PST 2006


Hi,

> Seems to me that there are probably three possibilities, in order of
> probability:
> 
> 1) The owner of postcards.org is doing this scam
> 2) The system that hosts postcards.org is compromised and someone
> thought it'd be a good way to scam people
> 3) An insider @ ServePath configured the domain/system this way with
> or without permission.

4) Adjacent system compromised (tom pointed this possibility out iirc)

fyi - there also are various ways to attack DNS servers
and host tables...

google search brings up a few interesting notes:
(searched on: postcards.org spyware)
http://www.dynamoo.com/diary/postcards-org.htm

spammuseum.co.uk had what appeared to be your
exact server name "www2" but unfortunately
the original page isn't available (google
cache however does show it.)

in fact postcards themselves explain a bit:
http://www.postcards.org/postcards/special/aunt_edna_virus.html

looks like postcards.org are really pissed off: 
"And if you happen to hit him with a fast-moving car, 
we'll won't be displeased."

best
matti

