Mirror, mirror on the wall, who is the lamest of them all? The attacker behind this scheme hopes to find out where all the l4m3rs are (his words not mine). In a classic social engineering attack, customers have been reporting that they have received an unusual piece of spam recently.
The mail is supposedly from a hosting or collocation company and says something along the lines of this:
Dear COMPANYNAME Inc. Valued Members,
Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.
So, to secure your Web sites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php" in: "./public_html"
or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.
Thank you for using our services and products. We look...