No, they’re not related.
First up: The Mambo Exploit. We still keep receiving packets that attempt to exploit Mambo (and a few XML-RPC exploit attempts as well). And the thing is, even though the exploit code downloads a filename that we saw, say, 2 weeks ago, the same filename now has different codes. Again, this just shows that lots of users still have not patched their Mambo installations. Oh, by the way, the malware in question appears to be a worm (again) that exploits Mambo, as well as XML-RPC.
And, another phishing attempt. This was from a friend of mine:
It’s possible that she was a vicitim of a previous phish. *sigh* I’ll have to contact her to tell her to change her password. By the way, by this time, you should already know how to spot fake URL’s. For this one, if you go the site (but i advise you not to, since I don’t know what other tricks the site has), you will be presented with a Yahoo Games Login. But then, when you look at the URL, it says sexy_photos_hot. Yahoo games? Sexy Photos? No. Also, the REAL yahoo games site is not at geocities (even though Geocities IS a part of Yahoo). It’s at games.yahoo.com.
