16 December 2007

semantic.exe phish

click picture to enlarge
heres a pretty decent phishing email thats currently making the rounds. it must be new seeing as gmail hasnt begun to filter it yet since we've received about six of these emails in the past hour.

at first glance it appears to be a legitimate email -- however, when you hover your mouse over any of those three "start" buttons while looking down at your status bar, shown in the lower left of our screen grab, you see if you click one, the real url that you will be taken to:

http://sath.hs.kr/bbs/skin/zero_vote/Symantec.exe

if you google semantic.exe you will quickly find out that this is a trojan that:
Gathers email addresses from all .txt and .html files located on the following drives:

* C
* D
* E
* G
* F

Sends a copy of itself in an email...~source~
so apparently someone who has our email address is infected. lovely.