Has your machine gone phishing?

Several weeks ago, multiple exploits were discovered in a webmail product called RoundCube. A couple of PHP modules within that product were unsafe and allowed the execution of arbitrary code on the server. Although fixes for these vulnerabilities were included in a security update on December 16th, there are apparently a lot of unpatched RoundCube installations out there.

Within the last few weeks, many RoundCube installations have become vectors for bank phishing attacks targeting mobile customers. By exploiting those vulnerable PHP modules, spammers have been able to install open proxies on mail servers, DNS servers, and other nominally secure Linux and Unix machines. I've had the chance to review logs from some of these compromised machines and they all appear to have been used to send email to SMS accounts at places like Verizon Wireless and AT&T/Cingular. The payload of those messages tends to be bank phishing of the form 'Your Credit Union account is locked due to unusual activity. Call XXX-XXX-XXXX to unlock'.

If you're a system administrator, this should be a reminder to you to check all of your installed packages for security updates. Bad guys are out there, constantly testing common and uncommon software packages, looking for new and exciting ways to make use of resources that don't belong to them. Don't make it any easier for them.

And, if you get one of these text messages? Don't call the number. If you're really concerned about activity on your account, call your bank via the phone number on your ATM card or in your monthly statement. You might even pop in to your local branch and talk to an associate.
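
For administrators who want to check a mail server for the pattern described above (a local account sending bursts of mail to carrier email-to-SMS addresses), here is an added example that is not from the original post. It assumes Postfix-style log lines; the gateway domains, the threshold, and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: carrier email-to-SMS gateway domains to watch; extend for your region.
SMS_GATEWAYS = {"vtext.com", "txt.att.net"}

# Postfix-style lines: "<queue id>: from=<sender>" and "<queue id>: to=<rcpt>".
FROM_RE = re.compile(r"\b([0-9A-F]{6,}): from=<([^>]*)>")
TO_RE = re.compile(r"\b([0-9A-F]{6,}): to=<[^>@]+@([^>]+)>")

def is_gateway(domain):
    """True if domain is a listed SMS gateway or a subdomain of one."""
    d = domain.lower()
    return any(d == g or d.endswith("." + g) for g in SMS_GATEWAYS)

def sms_gateway_senders(lines, threshold=3):
    """Map each envelope sender to its count of delivery attempts to SMS
    gateways, keeping only senders at or above the threshold."""
    sender_by_qid, gateway_qids = {}, []
    for line in lines:
        m = FROM_RE.search(line)
        if m:
            sender_by_qid[m.group(1)] = m.group(2).lower()
            continue
        m = TO_RE.search(line)
        if m and is_gateway(m.group(2)):
            gateway_qids.append(m.group(1))
    # Resolve senders last so log line ordering does not matter.
    hits = Counter(sender_by_qid.get(q, "<unknown>") for q in gateway_qids)
    return {s: n for s, n in hits.items() if n >= threshold}

# Constructed sample log (not real data): a web server account fans out to
# SMS gateways, while a normal user sends a single text-by-email.
SAMPLE_LOG = """\
Jan 10 03:12:01 mx postfix/qmgr[812]: A1B2C3D4E5: from=<www-data@mail.example.org>, size=412, nrcpt=4 (queue active)
Jan 10 03:12:02 mx postfix/smtp[901]: A1B2C3D4E5: to=<2025550101@vtext.com>, relay=none, delay=1, status=sent (250 ok)
Jan 10 03:12:02 mx postfix/smtp[902]: A1B2C3D4E5: to=<2025550102@vtext.com>, relay=none, delay=1, status=sent (250 ok)
Jan 10 03:12:03 mx postfix/smtp[903]: A1B2C3D4E5: to=<2025550103@txt.att.net>, relay=none, delay=2, status=sent (250 ok)
Jan 10 03:12:03 mx postfix/smtp[904]: A1B2C3D4E5: to=<2025550104@txt.att.net>, relay=none, delay=2, status=deferred (timeout)
Jan 10 09:30:10 mx postfix/qmgr[812]: B7C8D9E0F1: from=<alice@example.org>, size=300, nrcpt=2 (queue active)
Jan 10 09:30:11 mx postfix/smtp[905]: B7C8D9E0F1: to=<2025550199@vtext.com>, relay=none, delay=1, status=sent (250 ok)
Jan 10 09:30:11 mx postfix/smtp[906]: B7C8D9E0F1: to=<bob@example.net>, relay=none, delay=1, status=sent (250 ok)
""".splitlines()

if __name__ == "__main__":
    for sender, count in sms_gateway_senders(SAMPLE_LOG).items():
        print(f"{sender}: {count} deliveries to SMS gateways")
```

A service account such as a web server user appearing in the result is worth investigating, since webmail normally submits mail as the logged-in mailbox owner rather than as the server process.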