[nsp-sec] [SPAM][100%] Amazon-based phishing site
Dave Burke
dave at amazon.com
Wed Jan 12 15:36:40 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ACK - Thanks.
On 12/01/2011 19:05, Daniel Robert Adinolfi wrote:
> ----------- nsp-security Confidential --------
>
> Folks,
>
> We saw the following today. The phishing link points to ec2-79-125-112-185.eu-west-1.compute.amazonaws.com. If there are any contacts with Amazon on the list, please take note and take hostile action toward the site.
>
> Full URL:
> <http://ec2-79-125-112-185.eu-west-1.compute.amazonaws.com/secure/75834acc8790ubbcrqqo8787676a6758767c9870987098cd908ootc87560c2344563463cabb6587/index.html>
>
> Thanks.
>
> -Dan
>
>
> _________________
> Daniel Adinolfi, CISSP
> Senior Security Engineer, IT Security Office
> Cornell University - Office of Information Technologies
> email: dra1 at cornell.edu phone: 607-255-7657
>
> _________________________________________________________________________
>
>
>
> From: Bank of America Alert [mailto:customer_service at bankofamerica.com]
> Sent: Wednesday, January 12, 2011 1:51 PM
> Subject: Online Banking Has Been Locked?
> Importance: High
>
> [cid:~WRD000.jpg]
>
>
> Dear Bank of America customer,
>
> During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your account information.
>
> This might be due to either of the following reasons:
>
> 1. A recent change in your personal information ( i.e.change of address).
> 2. Submiting invalid information during the initial sign up process.
> 3. An inability to accurately verify your selected option of payment due to an internal error within our processors.
>
> Due to this, we require you to confirm and verify your account information by clicking the link below:
>
> Click here to start the confirmation process<http://ec2-79-125-112-185.eu-west-1.compute.amazonaws.com/secure/75834acc8790ubbcrqqo8787676a6758767c9870987098cd908ootc87560c2344563463cabb6587/index.html>
>
> If your account information is not confirmed and verified within a certain period of time then your ability to access
> your account would become restricted.
>
> Thank you
>
> Bank of America Account Management Deptartment .
>
> ________________________________
>
>
> Bank of America, N.A. Member FDIC. Equal Housing Lender[cid:image001.jpg at 01CBB260.F41718B0]
> © 2010 Bank of America Corporation. All rights reserved.
> Designated trademarks and brands are the property of their respective owners.
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk0uENgACgkQvMJ1IGjTxcH9oQCfUI6Fwr+jz4HYfg9cVjnyOasS
q6MAoJve/+H9wKpoUtIFBPTZugQF8mkT
=tnXq
-----END PGP SIGNATURE-----
Amazon Data Services Ireland Limited registered office: Riverside One, Sir John Rogerson's Quay, Dublin 2, Ireland. Registered in Ireland. Registration number 390566.