Malware from email with title "Security alert: Verify your libreoffice@lists.freedesktop.org"

Simos Xenitellis

Hi All,

There was an email that was sent to this mailing list the other day,
https://lists.freedesktop.org/archives/libreoffice/2018-May/080137.html

I did not see anyone commenting on this, therefore here we go.

It was some malware campaign, trying to get any recipients to click their link.
The email was asking users to click a link to "verify" some account information.

That link though was hosted on a website called silkenwindhounds.org
which has to do with some breed of dogs. Apparently, that website was
compromised.
The problem is that the scripts on that website are still active and
if anyone clicks on the link, they are redirected through links to
other websites that probably try to exploit web browser bugs.

Is anyone dealing with this?

You need to contact http://www.silkenwindhounds.org/ to tell them that
the following two scripts are malware:
/content/late-code/index.php
/cgi-sys/suspendedpage.cgi (clever trick that does redirection, if
they are happy that the HTTP request is from an actual browser.
Otherwise, it just pretends that the website is suspended in order not
to draw suspicion).

Simos
_______________________________________________
LibreOffice mailing list
[hidden email]
https://lists.freedesktop.org/mailman/listinfo/libreoffice
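
The behaviour described in the message above (a redirect for requests that look like a real browser, a "suspended" page otherwise) can be checked from two captures of the same URL. This is an added example, not part of the original post; the sample responses and the host redirect.example are constructed.

```python
import re

# Constructed sample captures (not taken from the site named in the thread):
# the same URL requested once by a script-like client, once by a browser-like one.
RESP_SCRIPT_UA = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><title>Account Suspended</title>"
    "<body>This account has been suspended.</body></html>"
)
RESP_BROWSER_UA = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://redirect.example/landing\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def redirect_target(status, headers, body):
    """Return where the response sends the client, or None if it stays put."""
    if 300 <= status < 400 and "location" in headers:
        return headers["location"]
    # A meta-refresh in the body is also a redirect.
    m = re.search(r'http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', body, re.I)
    return m.group(1) if m else None

def detect_cloaking(raw_script, raw_browser):
    """Flag the case where only the browser-like request gets redirected."""
    t_script = redirect_target(*parse_response(raw_script))
    t_browser = redirect_target(*parse_response(raw_browser))
    return {
        "script_redirect": t_script,
        "browser_redirect": t_browser,
        "cloaked": t_script is None and t_browser is not None,
    }

if __name__ == "__main__":
    print(detect_cloaking(RESP_SCRIPT_UA, RESP_BROWSER_UA))
```
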
Dennis Roczek

Re: Malware from email with title "Security alert: Verify your libreoffice@lists.freedesktop.org"

Hi Simon,

On 08.05.2018 16:49, Simos Xenitellis wrote:
> It was some malware campaign, trying to get any recipients to click
> their link. The email was asking users to click a link to "verify"
> some account information.
Nothing new. Most users simply do not open strange attachments or
click on these links.

I removed that page from the nabble forums days ago for the
mentioned reasons.

> Is anyone dealing with this?
Most hackers here are C++ devs and might not know what happened there.
The mail wasn't sent from a TDF address, no TDF server is involved...

I have removed the post in the nabble forums...

> You need to contact http://www.silkenwindhounds.org/ [...]
Why don't you do that? You seem to be very experienced with browsers
and web content...

> Simos

Regards,
Dennis Roczek