Friday, March 19, 2010

Watch out for that squirrley malware spam

Links in this message want to trick you into downloading a virus, Trojan or some other malware. Don't click links in email unless you know the sender, and you can verify that the message is authentic. Even then, be very careful.

From: Squirrel Mail Development Team
Date: March 19, 2010 5:08:41 AM PDT

Dear E-Mail User

Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are forced to release 1.4.15 to ensure no confusions. While initial review didn't uncover a need for concern, several proof of concepts show that the package alterations introduce a high risk security issue, allowing remote inclusion of files. These changes would allow a remote user the ability to execute exploit code on a victim machine, without any user interaction on the victim's server. This could grant the attacker the ability to deploy further code on the victim's server.

So upgrade to Squirrel Mail Development Team by click Squirrel Mail Login SquirrelMail 1.4.15 Released

We STRONGLY advise all users of 1.4.11, 1.4.12 and 1.4.13 upgrade immediately.

No comments:

Post a Comment