An Email with the Subject "Internet Users Email Upgrade (IUEU)" was received in one of Scamdex's honeypot email accounts on Wed, 26 Nov 2008 02:25:16 -0500 and has been classified as a Generic Scam Email. The sender shows as "Squirrel Mail Development Team"<upgrade@squirrelmail.org>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be added to their email address lists for spam purposes.
Dear E-Mail User
Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are
forced to release 1.4.15 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the package
alterations introduce a high risk security issue, allowing remote inclusion of
files. These changes would allow a remote user the ability to execute exploit
code on a victim machine, without any user interaction on the victim's server.
This could grant the attacker the ability to deploy further code on the victim's
server.
So upgrade to Squirrel Mail Development Team by click Squirrel
Mail Login SquirrelMail 1.4.15 Released
We STRONGLY advise all users of 1.4.11, 1.4.12 and 1.4.13 upgrade immediately.
Dear E-Mail User
Due to the package compromise of 1.4.11,1.4.12 and 1.4.13, we are
forced to release 1.4.15 to ensure no confusions. While initial review didn't
uncover a need for concern, several proof of concepts show that the package
alterations introduce a high risk security issue, allowing remote inclusion of
files. These changes would allow a remote user the ability to execute exploit
code on a victim machine, without any user interaction on the victim's server.
This could grant the attacker the ability to deploy further code on the victim's
server.
So upgrade to Squirrel Mail Development Team by click Squirrel
Mail Login SquirrelMail 1.4.15 Released
We STRONGLY advise all users of 1.4.11, 1.4.12 and 1.4.13 upgrade immediately.