Sunday, July 13, 2008

Doh!

Slashdot reports a pretty funny Internet attack:
"As all hardcore Simpsons fans know, Chunkylover53@aol.com was revealed to be Homer Simpsons' email address in one particular episode, registered by one of the shows writers, who would reply to fans as Homer himself. After a flood of messages, 'Homer' signed off — seemingly forever. Well in the last few days, security company Facetime Communications reports that anyone who had Homer on their AIM buddy list would have noticed his sudden reappearance. Unfortunately for all, he appears to have been hacked and pushing malware links which deposit those unlucky enough to run the file into a Turkish Botnet.
This is a good example of an attack that exploits a trust relationship - only users savvy enough to recognize this as Homer Simpson's real AOL account would be vulnerable. It's very plausible that one of these people would run an executable sent from this account.

So remember, "Click to run" is the Internet equivalent of "open your mouth and close your eyes" ....

And as always, the Slashdot comments come through with quality snark:
mmmmmmmm... trojans...

No comments:

Post a Comment

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.