Mirror, mirror on the wall, who is the lamest of them all? Theattacker behind this scheme hopes to find out where all the l4m3rs are(his words not mine). In a classic social engineering attack, customershave been reporting that they have received an unusual piece of spamrecently.
The mail is supposedly from a hosting or collocation company and says something along the lines of this:
Dear COMPANYNAME Inc. Valued Members,
Regarding our new security regulations, as a part of our yearlymaintenance we have provided a security guard script in the attachment.
So, to secure your Web sites, please use the attached file and (forUNIX/Linux Based servers) upload the file "guard.php" in:"./public_html"
or (for Windows Based servers which use ASP) upload the file "guard.asp" in: "./wwwroot" in your site.
Thank you for using our services and products. We look forward to providing you with a unique and high quality...