From: nick at ethicsdesign.com (Nick Jacobsen)
Subject: : Attempt to steal paypal password

I see this crap posted to the list all the time, and I have to ask, what does this have to do with computer security? If someone falls for one of these scams, it is pure user error. There are a few exceptions to this rule, such as if the email uses an exploit of some sort to change your hosts file, but this is very much not in that category. These are so common that I am surprised you even noticed getting the damn thing.

Nick Jacobsen
Ethics Design
nick@...icsdesign.com <mailto:nick@...icsdesign.com>

-----Original Message-----
From: Michael Linke
Sent: Tue 11/11/2003 1:04 AM
To: full-disclosure@...ts.netsys.com
Cc:
Subject: [Full-Disclosure] [Full-Disclosure]: Attempt to steal paypal password

There seems to be a new faked Email on the way since today morning, with the subject "PayPal User Agreement 9". The Email is in html form and contains a Hyperlink named
https://www.paypal.com/cgi-bin/webscr?cmd=login-run
But under this hyperlink is not paypal, it is:
http://www.paypal.com@...191.16.16/.
So someone is going to collect paypal passwords. Using this password an attacker can send money from there.

The whole action seems to be a spamming attempt sent to random email addresses, because the receiver Email Address Michael@...ley-power.de is not registered at paypal.

According to ARIN Whois the IP Search 64.191.16.16 belongs to:

OrgName: Network Operations Center Inc.
OrgID: NOC
Address: PO Box 591
City: Scranton
StateProv: PA
PostalCode: 18501-0591
Country: US

The Email comes from 68.77.201.24. (X-RBL-Warning: (dialup.bl.kundenserver.de) this mail has been received from a dialup host.)

Email Header below. The Email Msg is attached to this email.
---------------------------------------------
Return-path: <support@...pal.com>
Envelope-to: michael@...ley-power.de
Delivery-date: Tue, 11 Nov 2003 02:46:25 +0100
Received: from [68.77.201.24] (helo=adsl-68-77-201-24.dsl.milwwi.ameritech.net)
        by mxng14.kundenserver.de with smtp (Exim 3.35 #1)
        id 1AJNbg-0005Xc-00
        for michael@...ley-power.de; Tue, 11 Nov 2003 02:46:17 +0100
Received: from paypal.com (smtp2.sc5.paypal.com [64.4.244.75])
        by adsl-68-77-201-24.dsl.milwwi.ameritech.net (Postfix) with ESMTP id D7A073BEBC
        for <michael@...ley-power.de>; Mon, 10 Nov 2003 19:46:12 -0600
From: Support <support@...pal.com>
To: Michael <michael@...ley-power.de>
Subject: PayPal User Agreement 9
Date: Mon, 10 Nov 2003 19:46:12 -0600
Message-ID: <110001c3a7f5$1fe9490f$e212810a@...pal.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: High
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been received from a dialup host.
-------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 6954 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031111/dc1c034c/attachment.bin