
Exim on FreeBSD

iscinc_ironport
Level 1

I'm seeing a lot of this lately and they're all sent from Exim 4.6x on FreeBSD.

Anyone else seeing this? I don't see a known vulnerability in Exim posted anywhere.

<html>
<body>
What are you thinking...if pat sees this your divorced dude. :-{) see for yourself... <a>http://www.youtube.com/watch?v=9pVYeTXMJ1l</a>
</body>
</html>

1 Reply

Donald Nash
Level 3

It's one of the latest social engineering exploits: an updated version of the "Storm" trojan. The YouTube link is bogus; you actually get taken to some cracked machine with a cheesy mockup of YouTube. On that page is a link to download a file called "video.exe", which is the exploit program. If you are inferring that the sending host is Exim/FreeBSD based on the headers of the message, then that's probably a mistake because those are almost certainly forged.