
Tuesday, 21 December 2010

Fake iTunes email isn't a phish, it's a 'sploit

An email making the rounds makes the innocent claim that “it is possible that your account password has been stolen”.




Expecting a phish? 




Actually, no. The site serves a malicious script. Nevertheless, the exploits served are six to eight months old: CVE-2010-0886 (a Java exploit) and CVE-2010-1885 (a cross-site scripting method that exploits a vulnerability in Windows Help). Downloading the latest version of Java and ensuring you’re up-to-date on Windows patches will protect against this attack.



Alex Eckelberry


 
