[Tfug] Exploiting docs.google.com

erich erich1 at copper.net
Mon Jul 13 21:38:49 MST 2009


OK,
         I have a acquaintance of mine who is frantic. He has a Yahoo
web mail account, and in the past week an agent apparently originating
from Yahoo has used his address book to send spam.

         In it's most recent attack attempt, it sends a message with a link
to a place in docs.google.com that displays this ad for some gambling
website. You click on the display ad and it attempts to download
a *.exe to your computer. In other words the attacker is using Google
to:
              1) Display a socially-engineered ad to lure someone.

              2) Harbor a malicious *.exe to download.

          Never mind Google. Can some agent within Yahoo grab your
e-mail address list for an exploit?

                                                                  Erich




More information about the tfug mailing list