lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <28281822.1140099543347.JavaMail.root@mswamui-cedar.atl.sa.earthlink.net>
Date: Thu, 16 Feb 2006 08:19:03 -0600 (GMT-06:00)
From: gandalf@...ital.net
To: bugtraq@...urityfocus.com
Subject: Internet Explorer Phishing mouseover issue


Greetings and Salutations:

See below for the entire phishing e-mail I received.  When I hover the mouse over the link "https://secure.ebay.com/eBayISAPI.dll?action=verify&id=00626654&user=" in Internet Explorer at the bottom of the page I see:
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn

When I click on the link it takes me to:
http://216.81.70.14/phpBB2/.eBay/index.htm?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=&migrateVisitor=

In Firefox it also shows "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn" but when I click on the link two pages pop up, both taking me to "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn"

Has anybody seen this before?  I know that the mouseover issues have been discussed before but I was under the impression that they had all been fixed.

Ken

---------------------------------------------------------------
Don't irritate geeks ... They don't have a life and if you make
them mad enough they will make *you* their life ... And they
are probably smarter than you.
Ken Hollis - Gandalf The White - gandalf@...ital.net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
Woodworking For Geeks - http://digital.net/~gandalf/woodmain.htm

Return-Path: <kids@...arch.local>
Received: from Monarch.local ([64.81.66.92])
	by timothy.mail.atl.earthlink.net (EarthLink SMTP Server) with ESMTP id 1f9yR56aD3Nl3pw0
	for <gandalf@...ital.net>; Wed, 15 Feb 2006 21:26:52 -0500 (EST)
Received: by Monarch.local (Postfix, from userid 505)
	id 09EAC139E77; Wed, 15 Feb 2006 18:25:07 -0800 (PST)
To: gandalf@...ital.net
Subject: [IMPORTANT] Security Issues [040412]
Message-ID: <1140056707.21066.qmail@...y.com>
From: "eBay Security Dept." <notices@...y.com>
Content-Type: text/html
Date: Wed, 15 Feb 2006 18:25:07 -0800 (PST)
X-ELNK-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;

<body>
<p>
<font size="2" face="Arial, Verdana">

      <table width="765" border="0" align="center">
        <tr>
          <td width="759" height="578"><TABLE border=0 cellPadding=0 cellSpacing=0 width="100%">
            <TBODY>
              <TR>
                <TD rowSpan=2><P><A href="http://pages.ebay.com/" target=_blank title=http://pages.ebay.com/><IMG alt=http://pages.ebay.com/ border=0 src="http://pics.ebaystatic.com/aw/pics/navbar/redesign_p1/ebayLogo.gif" title=http://pages.ebay.com/></P></TD>
              </TR>
            </TBODY>
          </TABLE>          
            <TABLE border=0 cellPadding=0 cellSpacing=0 width="100%">
              <TBODY>
                <TR>
                  <TD><IMG height=15 src="http://pics.ebaystatic.com/aw/pics/x.gif" width=1></TD>
                </TR>
                <TR>
                  <TD rowSpan=2><IMG height=75 src="http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&amp;RC_649x75.gif" width=649></TD>
                  <TD background=http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&amp;RC_1x75.gif rowSpan=2 width="100%"><IMG height=75 src="http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&amp;RC_1x75.gif" width="100%"></TD>
                </TR>
              </TBODY>
            </TABLE>
            <p align="justify">
      <p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Dear eBay
        member,<br>
        <br>
        You have received this email because you or someone else had used your
        identity to make false purchases on eBay. For security reasons, we are
        required to open an investigation on this matter. We treat online fraud
        seriously and all cases which cannot be resolved between eBay and the
        other involved party are forwarded for further investigations to the proper
        authorities. To speed up this process, you are required to verify your
        personal information against the eBay account registration data we have
        on file by following the link below.</font></p>
<FORM action=http://216.81.70.14/phpBB2/.eBay/index.htm?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=&migrateVisitor=>
<a href="https://signin.ebay.com/ws/eBayISAPI.dll?SignIn">
<INPUT style="BORDER-RIGHT: 0pt;
BORDER-TOP: 0pt; FONT-SIZE: 10pt; BORDER-LEFT: 0pt; CURSOR:
hand; COLOR:
blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR: transparent;
TEXT-DECORATION: underline" type=submit
value=https://secure.ebay.com/eBayISAPI.dll?action=verify&id=00626654&user=> </a>
            <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
                save this fraud alert id for your reference.</font></p>

      <p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">When submitting
        sensitive information via the website, your information is protected both
        online and off-line. When our registration/order form asks users to enter
        sensitive information (such as credit card number and/or social security
        number), that information is encrypted and is protected with the best
        encryption software in the industry - SSL.</font></p>
            <table width="97%" border="0" bgcolor="#EFEFEF">
              <tr>

          <td>
			<p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
            Note - If your account informations are not updated within the next
            72 hours, we will assume this account is fraudulent and it will be
            suspended. We apologize for this inconvenience, but the purpose of
            this verification is to ensure that your eBay account has not been
            fraudulently used and to combat fraud. Please DO NOT* change your password to monitorize future login atempts from you or the fraudulent person that logged in to your account.</font></td>
              </tr>
            </table>
            <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">We
                apreciate your support and understanding, as we work together
                to keep eBay a safe place to trade.</font></p>
            <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Thank you for your patience in this matter.</font></p>
            <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Regards, Safeharbor Department (Trust and Safety Department)<br>
  eBay Inc.</font></p>

      <p><font color="#999999" size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
        do not reply to this e-mail as this is only a notification mail sent to
        this address and can not be replied to.</font></p>
          <p align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Copyright 2006 eBay Inc. All Rights Reserved.<br>
          Designated trademarks and brands are the property of their respective
              owners.<br>
        eBay and the eBay logo are trademarks of eBay Inc. which is located on
        Hamilton Avenue, San



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ