TER General Board

Thank you, Dolly!
ViolettaGFE

I got a GiftRocket email this morning and, after seeing your warning, I promptly deleted it without opening it.
Thank you, Dolly.

Hello,

Please be aware that our Agency received an email at 10:07AM from "[email protected]".  It was a GiftRocket money card from "Dave from Theeroticreview" with a note that stated: "I'm such a big fan of you. Your body, soul and vitality are extraordinary. I thought I would motivate you a bit! Please accept this gift as a small token of my appreciation.Hope to see ya soon!"

The mail includes a link to download a PDF.  When you roll over the link, it looks like a link to a PDF.  However, when you click on the link you are asked to download a .SCR file.  NOTE: SCR files are KNOWN VECTORS for viruses and trojans.  Worse, this particular file was analyzed by three powerful antivirus scans and only ONE was able to detect a virus.

The virus/trojan/worm is known as a Grafter virus or a Worm:Win32/Morto. It is a worm that allows unauthorized access to an affected computer. It spreads by trying to compromise administrator passwords for Remote Desktop connections on a network.  

We could not deduce if this was an unintentional attack from an infected computer, an intentional specific attack, OR worse, an intentional targeted attack to members of TER in order to collect information and take over systems.

This is a very skillful and dangerous attack.  Because the mail is from a "trusted source", because the note includes a known reference (TER), and because it is virtually undetectable by virus scanners, we believe that most people would have opened this and could have potentially been impacted.

Thank You,
Dolly
The Miami Dolls

Sparkletits

Sender couldn't decide if he was Steve or Scott, and the link goes to spoof sites, two of them (giftsrocket.com and giftrocket.gift)

Wonder if it's related to the Twitter crap yesterday, or if that shit caught the attention of hackers?

I get a pop-up all the time now that says, "website wants to open web content using this program on your computer." The name of the publisher is mindspark toolbar platform, mindspark interactive network.

I've run my Webroot scan a couple of times and it won't get rid of it.

I select, "don't allow", and "don't show this warning again", and it pops up every single time I click on anything to do with TER on my computer.

Sparkletits

Do you have email set to auto-load pictures?  If so, then that's how it got in - and is good to know for anyone who hasn't opened it yet.  You should be able to set it to never load images (pretty easy in Gmail, but I recommend Googling for the best way for your program if you use something else) and after that, I've found that Avast antivirus is resource-heavy but has a pretty good search-and-destroy ability for malware.

Thank you, thank you, thank you for telling us!

I received the same email from "Simon!"
