[<prev] [next>] [day] [month] [year] [list]
From: nick at ethicsdesign.com (Nick Jacobsen)
Subject: : Attempt to steal paypal password
I see this crap posted to the list all the time, and I have to ask,
what does this have to do with computer security? If someone falls for
one of these scams, it is pure user error. There are a few exceptions
to this rule, such as if the email uses an exploit of some sort to
change your hosts file, but this is very much not in that category.
These are so common that I am suprised you even noticed getting the damn
thing.
Nick Jacobsen
Ethics Design
nick@...icsdesign.com <mailto:nick@...icsdesign.com>
-----Original Message-----
From: Michael Linke
Sent: Tue 11/11/2003 1:04 AM
To: full-disclosure@...ts.netsys.com
Cc:
Subject: [Full-Disclosure] [Full-Disclosure]: Attempt to steal
paypal password
There seams to be a new faked Email on the way since today
morning, with the
subject "PayPal User Agreement 9".
The Email is in html form and content a Hyperlink named
https://www.paypal.com/cgi-bin/webscr?cmd=login-run
But under this hyperlink is not paypal, it is:
http://www.paypal.com@...191.16.16/.
So someone is going to collect paypal passwords. Using this
password an
attacker can send money from there. The whole action seams to be
a spamming
attempt sent to random email addresses, because the receiver
Email Address
Michael@...ley-power.de is not registered at paypal.
According ARIN Whois the IP Search 64.191.16.16 belongs to:
OrgName: Network Operations Center Inc.
OrgID: NOC
Address: PO Box 591
City: Scranton
StateProv: PA
PostalCode: 18501-0591
Country: US
The Email comes from 68.77.201.24.
(X-RBL-Warning: (dialup.bl.kundenserver.de) this mail has been
received from
a dialup host.)
Email Header below. The Email Msg is attached to this email.
---------------------------------------------
Return-path: <support@...pal.com>
Envelope-to: michael@...ley-power.de
Delivery-date: Tue, 11 Nov 2003 02:46:25 +0100
Received: from [68.77.201.24]
(helo=adsl-68-77-201-24.dsl.milwwi.ameritech.net)
by mxng14.kundenserver.de with smtp (Exim 3.35 #1)
id 1AJNbg-0005Xc-00
for michael@...ley-power.de; Tue, 11 Nov 2003 02:46:17
+0100
Received: from paypal.com (smtp2.sc5.paypal.com [64.4.244.75])
by adsl-68-77-201-24.dsl.milwwi.ameritech.net (Postfix)
with ESMTP
id D7A073BEBC
for <michael@...ley-power.de>; Mon, 10 Nov 2003 19:46:12
-0600
From: Support <support@...pal.com>
To: Michael <michael@...ley-power.de>
Subject: PayPal User Agreement 9
Date: Mon, 10 Nov 2003 19:46:12 -0600
Message-ID: <110001c3a7f5$1fe9490f$e212810a@...pal.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: High
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been
received from
a dialup host.
-------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 6954 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031111/dc1c034c/attachment.bin
Powered by blists - more mailing lists