headers
Geert Mak | 16 Jul 2011 01:33

Fwd: UPDATE YOUR E-MAIL SECURITY IMMEDIATELY (IUEU)

spamassassin decided this is spam?

Begin forwarded message:

From: "Squirrel Mail Development Team"<ldtumaneng <at> 3mail.org>
Date: 15. Juli 2011 20:21:24 MESZ
To: undisclosed-recipients:;
Subject: UPDATE YOUR E-MAIL SECURITY IMMEDIATELY (IUEU)

Dear E-Mail User

Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are forced to release 1.4.15 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server.
So upgrade to  Squirrel Mail Development Team by  click Squirrel Mail Login SquirrelMail 1.4.15 Released

We STRONGLY advise all users of 1.4.11, 1.4.12 and 1.4.13 upgrade immediately.
 

 
 

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric 
Ries, the creator of the Lean Startup Methodology on "Lean Startup 
Secrets Revealed." This video shows you how to validate your ideas, 
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
-----
squirrelmail-devel mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-devel <at> lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel
Permalink | Reply | 3 comments |
headers
Pau Amma | 16 Jul 2011 16:59

Re: Phishing/scam attempt (was Fwd: UPDATE YOUR E-MAIL SEC...)

On Fri, July 15, 2011 11:33 pm, Geert Mak wrote:
> spamassassin decided this is spam?

A quick look through the email says SA is very likely right (technically,
it's a phishing attempt, not spam, but...)

> Begin forwarded message:
>
>> From: "Squirrel Mail Development Team"<ldtumaneng <at> 3mail.org>

Wrong sender email address, wrong spelling (it's squirrelmail, not
"squirrel mail")

>> To: undisclosed-recipients:;

Missing recipient email address (should have the SM announce list there)

>> Subject: UPDATE YOUR E-MAIL SECURITY IMMEDIATELY (IUEU)

All-caps subject, missing the list header (the equivalent of [SM-DEVEL] 
for the announce list)

>> Dear E-Mail User
>>
>> Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are forced
>> to release 1.4.15

Quick quiz: what's the latest 1.4.x release? (hint: it was announced less
than 3 weeks ago)

 to ensure no confusions. While initial review didn't
>> uncover a need for concern, several proof of concepts show that the
>> package alterations introduce a high risk security issue, allowing
>> remote inclusion of files. These changes would allow a remote user the
>> ability to execute exploit code on a victim machine, without any user
>> interaction on the victim's server. This could grant the attacker the
>> ability to deploy further code on the victim's server.

Wording/grammar scream "ESL speaker" to me (this isn't bad per se, and
wouldn't prove anything by itself, but it's another indication that
something's off).

>> So upgrade to  Squirrel Mail Development Team by  click Squirrel Mail
>> Login SquirrelMail 1.4.15 Released

I'm guessing there was a link to an attack/compromised/phishing webpage
there.

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric 
Ries, the creator of the Lean Startup Methodology on "Lean Startup 
Secrets Revealed." This video shows you how to validate your ideas, 
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
-----
squirrelmail-devel mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-devel <at> lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel
Permalink | Reply | 2 comments |
headers
Michelle Konzack | 16 Jul 2011 22:23

Re: Phishing/scam attempt (was Fwd: UPDATE YOUR E-MAIL SEC...)

Hello Pau Amma,

Am 2011-07-16 14:59:32, hacktest Du folgendes herunter:
> >> Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are forced
> >> to release 1.4.15
> 
> Quick quiz: what's the latest 1.4.x release? (hint: it was announced less
> than 3 weeks ago)

Ehm?  You man 4 days ago:  1.4.22

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems <at> tdnet France            itsystems <at> tdnet
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)             Gewerbe Straße 3
50, rue de Soultz                 77694 Kehl/Germany
67100 Strasbourg/France           Tel: +49-177-9351947  mobil
Tel: +33-6-61925193 mobil         Tel: +49-176-86004575 office

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4michelle <at> jabber.ccc.de
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric 
Ries, the creator of the Lean Startup Methodology on "Lean Startup 
Secrets Revealed." This video shows you how to validate your ideas, 
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
-----
squirrelmail-devel mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-devel <at> lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel
Permalink | Reply | 1 comment |
headers
Pau Amma | 17 Jul 2011 16:15

Re: Phishing/scam attempt (was Fwd: UPDATE YOUR E-MAIL SEC...)

On Sat, July 16, 2011 8:23 pm, Michelle Konzack wrote:
> Hello Pau Amma,

Hiya

> Am 2011-07-16 14:59:32, hacktest Du folgendes herunter:
>> >> Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are
>> >> forced to release 1.4.15
>>
>> Quick quiz: what's the latest 1.4.x release? (hint: it was announced
>> less than 3 weeks ago)
>
> Ehm?  You man 4 days ago:  1.4.22

Yep. I just finished catching up on backlogged email and couldn't remember
when exactly that announcement was sent so I took the easy way out.

------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric 
Ries, the creator of the Lean Startup Methodology on "Lean Startup 
Secrets Revealed." This video shows you how to validate your ideas, 
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
-----
squirrelmail-devel mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-devel <at> lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel
Permalink | Reply | 0 comments |

Gmane