Angeblich von Squirrelmail

[Mocca]

Das stell ich jetzt einfach mal hier rein, weil es mir doch sehr komisch vorkommt:

header:

01: From - Wed Jul 01 xx:xx:xx 2009
02: X-Account-Key: account3
03: X-UIDL: [UID filtered]
04: X-Mozilla-Status: 0001
05: X-Mozilla-Status2: 00000000
06: X-Mozilla-Keys:                                                                        
07: 	        
08: X-Envelope-From: <security [at] squirrelmail.org>
09: X-Envelope-To: <poor [at] spamvictim.tld>
10: X-Delivery-Time: 1246440051
11: X-UID: [UID filtered]
12: Return-Path: <security [at] squirrelmail.org>
13: X-RZG-FWD-BY: info [at] meine-domain.de
14: Received: from RZmta-intern (client mail forwarder) by mailin.webmailer.de (bertie mi6)
15: 	(RZmta 18.46) for <poor [at] spamvictim.tld>; Wed, 1 Jul 2009 xx:xx:xx +0200 (MEST)
16: To: poor [at] spamvictim.tld
17: X-RZG-CLASS-ID: [ID filtered]
18: Received: from batelco.com.bh (cgpfe2.batelco.com.bh [193.188.97.110]) by
19: 	mailin.webmailer.de (bertie mi6) (RZmta 18.46) with ESMTP ID: [ID filtered]
20: Received: from [61.137.93.80] (account bfpa [at] batelco.com.bh HELO User) by
21: 	cgpfe2.batelco.com.bh (CommuniGate Pro SMTP 5.2.13) with ESMTPA ID: [ID filtered]
22: From: "Squirrel Mail Development Team"<security [at] squirrelmail.org>
23: Subject: Internet Users Email Upgrade(IUEU)
24: Date: Wed, 1 Jul 2009 xx:xx:xx +0200
25: MIME-Version: 1.0
26: Content-Type: text/html; charset="Windows-1251"
27: Content-Transfer-Encoding: 7bit
28: X-Priority: 3
29: X-MSMail-Priority: Normal
30: X-Mailer: Microsoft Outlook Express 6.00.2600.0000
31: X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
32: Message-ID: [ID filtered]

Dear E-Mail User

Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are forced to release 1.4.15 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server.
So upgrade to Squirrel Mail Development Team by ^whois: [Link nur für registrierte Mitglieder sichtbar. ]/verify.php click Squirrel Mail Login SquirrelMail 1.4.15 Released

We STRONGLY advise all users of 1.4.11, 1.4.12 and 1.4.13 upgrade immediately.

.

Also erstens kommt das Ding aus China, zweitens an die info-Addy und drittens nutzen wir Squirrel nicht.

Grüße
Mocca

[truelife]

^whois: [Link nur für registrierte Mitglieder sichtbar. ] verify.php--> Phishing. Würd ich mal meinen...

[alariel]

Zudem kommt: Jede Adresse wird mit jedem Passwort akzeptiert.
Es erfolgt dann eine Weiterleitung zur Squirrelmail-Seite.

Ob das was mit dem Serverhacking (siehe deren News) zu tun hat? Vielleicht wollen die da ja wieder ran...

[truelife]

support[at]zeroto360.com hat nun Post. Hoffentlich nehmen die die PHP bald offline...

[truelife]

Answer already here:

I'm confused. How did that file get on my server?

Good question, indeed... But it is still online...

[truelife]

Thanks for your help. The file has since been deleted and the folder
permissions updated. All is well again. Thanks

[Mocca]

Man ist wohl umgezogen! Der Link verweist jetzt auf:
^whois: [Link nur für registrierte Mitglieder sichtbar. ]/_analog/b/verify.php

Grüße
Mocca

[truelife]

--> ^whois: [Link nur für registrierte Mitglieder sichtbar. ]

Hacked By Axy©

Hacked By Axy / Romania

Romanian Hackers`s => [Link nur für registrierte Mitglieder sichtbar. ] , Romanian Hacker`s© |2009-2010©

Selbe Mail wie zuvor (nur mit neuer URL) ging an die im Whois hinterlegte Mailadresse...