There is a new scam making the rounds designed to gain access to websites and web servers. Like the email that pretends to be from Ebay, PayPal, or some popular bank this one is designed to look like it has come from your hosting provider asking you to install a security script on your site.
So for the record - we will never email you a php script asking that you install it into your website.
No web host would do that.
The fraudulent email looks like this:
Quote:
Dear COMPANYNAME Inc. Valued Members,
Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.
So, to secure your Web sites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html"
or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.
[instructionsincluded]
Thank you for using our services and products. We look forward to providing you with a unique and high quality service.
Best Regards.
|
Full story:
Symantec Security Response Weblog: Where Are All the L4m3rs?
Linear Mode
