Why is this URL dangerous?

Franky

My PC says the following URL found in an email is dangerous.

www.ntlworld.com/inbox/pat.curran/read.php?sessionid-19507

which activates

cid:031401Mfdab4$3f3dL780$73387018@57W81fa70re

I would imagine it is dangerous as my antivirus software also
detected a malicious file attachment on the same email.

But what is "cid:"? Is this the part that is dangerous or is it
the "www" section which is dangerous?

Thank you to anyone who can help me understand about this. Google
does not give me any real info when I search for "cid:".
 
Walter Schiessberg

Franky wrote on 13.08.2004 09:14:
> My PC says the following URL found in an email is dangerous.
>
> www.ntlworld.com/inbox/pat.curran/read.php?sessionid-19507

Nonexistent, I bet.

> which activates
>
> cid:031401Mfdab4$3f3dL780$73387018@57W81fa70re

This decodes to "about:blank"

> I would imagine it is dangerous as my antivirus software also
> detected a malicious file attachment on the same email.
>
> But what is "cid:"? Is this the part that is dangerous or is it
> the "www" section which is dangerous?

No, it's the attachment.

> Thank you to anyone who can help me understand about this. Google
> does not give me any real info when I search for "cid:".

Google gives you 410 references for
"cid:031401Mfdab4$3f3dL780$73387018@57W81fa70re"

No need for crossposting to four groups if you can find the answer in
two minutes by asking a search machine.
 
John Elsbury

> My PC says the following URL found in an email is dangerous.
>
> <snip malware link>
>
> which activates
>
> cid:031401Mfdab4$3f3dL780$73387018@57W81fa70re
>
> I would imagine it is dangerous as my antivirus software also
> detected a malicious file attachment on the same email.
>
> But what is "cid:"? Is this the part that is dangerous or is it
> the "www" section which is dangerous?
>
> Thank you to anyone who can help me understand about this. Google
> does not give me any real info when I search for "cid:".

Try googling for PHP exploit or PHP spyware or PHP trojan and see what
you get. PHP files are exploitable, and exploited. Also look up the
name of whatever your AV software told you it was on your AV software
vendor's website. What is probably happening is that there will be a
series of items downloaded (or attempts, as in your case, blocked by
the AV software) which will result in unwanted software being planted
on an unprotected PC.

It is not a good idea to post links in full where you know they link
to malware sites, somebody else might get caught by the same exploit.

While on this subject, now is a very good time to get your software
updated so that the exploitable vulnerabilities in MSIE, MSOE, and
Windows are patched. All these exploits make use of holes in those
products and if you are fully patched you don't need to worry quite so
much.
Please remove "nospam" from mailto address
when replying
 
Franky

Walter Schiessberg said:
> Franky wrote on 13.08.2004 09:14:
>
> Nonexistent, I bet.
>
> This decodes to "about:blank"
>
> No, it's the attachment.

The attachment was deleted long ago. When I click on the link in
the email and it launches the 'cid' thing then my Opera browser
gives me a warning and the message seems to refer to a login.

I didn't record the message but it seems to me that the link is in
some way malicious. I posted here to ask if someone could explain
it.

> Google gives you 410 references for
> "cid:031401Mfdab4$3f3dL780$73387018@57W81fa70re"
>
> No need for crossposting to four groups if you can find the
> answer in two minutes by asking a search machine.

As I explained, I didn't get the answer from Google. And I am not
sure you have necessarily got the answer either when you say it is
because of the attachment file.
 
Guy

Franky said:
> I didn't record the message but it seems to me that the link is in
> some way malicious.


Put this into your Opera browser address bar: user:1@fake

Read the security warning... and think about it.
 
Richard S. Westmoreland

Franky said:
> My PC says the following URL found in an email is dangerous.
>
> www.ntlworld.com/inbox/pat.curran/read.php?sessionid-19507
>
> which activates
>
> cid:031401Mfdab4$3f3dL780$73387018@57W81fa70re
>
> I would imagine it is dangerous as my antivirus software also
> detected a malicious file attachment on the same email.
>
> But what is "cid:"? Is this the part that is dangerous or is it
> the "www" section which is dangerous?
>
> Thank you to anyone who can help me understand about this. Google
> does not give me any real info when I search for "cid:".

The first "link" is just the description of the real link, which is the cid:
It tricks people into running the attachment that is included in the email.
The cid: is what is dangerous.
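
The pattern described in the answer above (link text that looks like a web address while the real target is a cid: reference to a part of the same message) can be checked mechanically. This is an added example, not part of the thread: Python that flags such links in a raw message. The sample message, its addresses and its file name are constructed for the example.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample message for this example (not the e-mail from the thread).
SAMPLE = """\
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<a href="cid:part1@example.invalid">www.example.com/inbox/read.php?sessionid-1</a>
<a href="http://www.example.com/help">Help page</a>
--b1
Content-Type: application/octet-stream
Content-ID: <part1@example.invalid>
Content-Disposition: attachment; filename="message.scr"

constructed placeholder body
--b1--
"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_cid_disguised_links(raw):
    """Yield (shown text, content-id, attachment filename) for cid: links shown as URLs."""
    msg = message_from_string(raw)
    parts = {p["Content-ID"].strip("<> "): p for p in msg.walk() if p["Content-ID"]}
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        collector = AnchorCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            if href.lower().startswith("cid:") and re.match(r"(https?://|www\.)\S+$", text, re.I):
                target = parts.get(href[4:])  # MIME part the link really opens
                yield text, href[4:], target.get_filename() if target else None
```

A filename of `None` in a result means the cid: target was not found among the message's parts.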
 
