[nsp-sec] Interesting attack aginst wachovia

Jared Mauch jared at puck.nether.net
Wed Oct 22 11:02:11 EDT 2008 

	I've already sent this to someone I know at wachovia,
but this is a very interesting attack because it came to my
'work' address, went past my spam filters, and represents an
interesting threat.

	- Jared

----- Forwarded message from Wachovia connection Support <support at wachovia.com> -----

X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on puck.nether.net
X-Spam-Level: 
X-Spam-Status: No, score=0.5 required=4.5 tests=BAYES_00,HTML_MESSAGE,
	RCVD_IN_DNSWL_LOW autolearn=no version=3.2.5
Received: from mail1.us.ntt.net (mail1.us.ntt.net [129.250.38.32])
	by puck.nether.net (8.14.3/8.12.9) with ESMTP id m9MEt4eo081441
	for <jared at puck.nether.net>; Wed, 22 Oct 2008 10:55:06 -0400 (EDT)
	(envelope-from support at wachovia.com)
X-Envelope-From: support at wachovia.com
Received: from [93.81.120.215] (helo=93-81-120-215.broadband.corbina.ru)
	by mail1.us.ntt.net with esmtp
	id 1Ksf6v-00033H-T6
	for jmauch at us.ntt.net; Wed, 22 Oct 2008 14:55:04 +0000
Date: Wed, 22 Oct 2008 13:07:17 +0000
Message-ID: <90294.arjunasa at kermit>
From: Wachovia connection Support <support at wachovia.com>
To: jmauch at us.ntt.net
Subject: Wachovia online security measures 2008
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=_rNS333P4GxZj9u"
X-Greylist: Sender IP whitelisted by DNSRBL, not delayed by milter-greylist-4.0
	(puck.nether.net [204.42.254.5]); Wed, 22 Oct 2008 10:55:06 -0400 (EDT)

This is a multi-part message in MIME format.

--=_rNS333P4GxZj9u
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

WACHOVIA CORPORATION NOTICE.

Citigroup announced a buyout of Wachovia brokered by the FDIC.
All Wachovia bank locations will be in the Citigroup merger to prevent =
failure of Wachovia.
The Citigroup/Wachovia would focus on upgrading banks' security =
certificates.
All Wachovia customers must fill the forms and complete installation of =
new Citigroup Standard digital signatures during 48 hours.
Please follow the installation steps below:

Read more>>

Sincerely, Noel Simon.
2008 Wachovia Corporation.
All rights reserved.

--=_rNS333P4GxZj9u
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
</HEAD>
<BODY bgColor=3D#f6FFb9>
WACHOVIA CORPORATION NOTICE.<BR>
<BR>
Citigroup announced a buyout of Wachovia brokered by the FDIC.<BR>
All Wachovia bank locations will be in the Citigroup merger to prevent =
failure of Wachovia.<BR>
The Citigroup/Wachovia would focus on upgrading banks' security =
certificates.<BR>
All Wachovia customers must fill the forms and complete installation of =
new Citigroup Standard digital signatures during 48 hours.<BR>
Please follow the installation steps below:<BR>
<BR>
<A =
href=3D"http://commercial.wachovia.online.financial.service.viewcontent.3=
3P4GxZj9u.carehtmlclient.cfmasternbank.rewinzie.com/support.html?/portals=
erver/siteminderagent/OSL.htm?LOB=3D265194509&refer=3DrNS333P4Gx">Read =
more>></A><BR>
<BR>
Sincerely, Noel Simon.<BR>
2008 Wachovia Corporation.<BR>
All rights reserved.<BR>
</BODY>
</HTML>
--=_rNS333P4GxZj9u--


----- End forwarded message -----

-- 
Jared Mauch | I work for but do not always represent NTT America
list admin  | +1 313 506 4307 * send list policy questions to 
            | nsp-security-owner at puck.nether.net

More information about the nsp-security mailing list