Nettica ’safeguard.php’ Hoax

Michael — Thu, 15 Feb 2007 18:35:33 +0000

This morning I received an email hoax purporting to be from Nettica, our DNS provider. Details aren’t clear yet on what it’s intent was (the attached file was encrypted, which we’re working on decrypting), but I’ll post an update as soon as we figure it out. We’re working with Nettica Support to find out what’s going on.

The email instructions appear to be referencing a Plesk installation.

Here’s a copy of the email that was sent in case anyone else receives it:

Dear Nettica Inc. valued MembersRegarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment.So, to secure your websites, please use the attached file and (for UNIX/Linux Based servers) upload the file “safeguard.php” in: “./public_html” or (for Windows Based servers) in: “./wwwroot” in your site.If you do not know how to use it, you can use the following instruction:For Unix/Linux or Windows based websites that use PHP/CGI/PERL/ASP:
1) Download the attachment named “safeguard.php”
2) Login to your site Control panel.
3) Open “File Manager” window.
4) Go through “Public_html” or “htdocs” (for UNIX/Linux Based servers), but for Windows Based server, please Go through “wwwroot” directory.
5) Choose “Upload Files”
6) Upload the file “safeguard.php”
7) Check its URL too “http://www.yoursite.com/safeguard.php”, if it is okThank you for using our services and products. We look forward to providing you with a unique and high quality service.

Best Regards

Nettica Inc.

[UPDATE] Nettica has added a post about this on their blog as well.

michaelkrol.com » Security

Nettica ’safeguard.php’ Hoax