Eric wrote in with a new malicious message that is making the rounds in Europe. It's written in German, and contains a link to a Geocities account with an invisible iframe link. The content of one of the e-mails is below:
"Die Berliner U-Bahn Mitarbeiter fanden die Reste eines unbekannten Flugkoerpers.
Very interesting story about an unidentified flying object and body found in the Berlin underground. The geocities URL mentioned is different in every single mail, and points to an index.html which contains a hidden iframe pointing to a server in Hong Kong, 184.108.40.206. While this host has likely been victimized, you may wish to temporarily block it on your web proxy.
That server is hosting a file update.exe which has spotty AV coverage at this time:
AntiVir 220.127.116.11 04.16.2007 HEUR/Malware
Apr 16th 2007
1 decade ago