Exim on FreeBSD

Unanswered Question
Aug 28th, 2007

I'm seeing a lot of this lately and they're all sent from Exim 4.6x on FreeBSD

Anyone else seeing this? I don't see a known vulnerability in Exim posted anywhere.

<html>
<body>
What are you thinking...if pat sees this your divorced dude. :-{) see for yourself... <a>http://www.youtube.com/watch?v=9pVYeTXMJ1l</a>
</body>
</html>

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Donald Nash Fri, 08/31/2007 - 17:17

It's one of the latest social engineering exploits: an updated version of the "Storm" trojan. The YouTube link is bogus, you actually get taken to some cracked machine with a cheesy mockup of YouTube. On that page is a link to download a file called "video.exe", which is the exploit program. If you are inferring that the sending host is Exim/FreeBSD based on the headers of the message, then that's probably a mistake because those are almost certainly forged.

Actions

This Discussion