lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: nick at ethicsdesign.com (Nick Jacobsen)
Subject: : Attempt to steal paypal password

I see  this crap posted to the list all the time, and I have to ask,
what does this have to do with computer security?  If someone falls for
one of these scams, it is pure user error.  There are a few exceptions
to this rule, such as if the email uses an exploit of some sort to
change your hosts file, but this is very much not in that category.
These are so common that I am suprised you even noticed getting the damn
thing.
 
Nick Jacobsen
Ethics Design
nick@...icsdesign.com <mailto:nick@...icsdesign.com> 
 

	-----Original Message----- 
	From: Michael Linke 
	Sent: Tue 11/11/2003 1:04 AM 
	To: full-disclosure@...ts.netsys.com 
	Cc: 
	Subject: [Full-Disclosure] [Full-Disclosure]: Attempt to steal
paypal password
	
	

	There seams to be a new faked Email on the way since today
morning, with the
	subject "PayPal User Agreement 9".
	The Email is in html form and content a Hyperlink named
	
	https://www.paypal.com/cgi-bin/webscr?cmd=login-run
	But under this hyperlink is not paypal, it is:
	
	http://www.paypal.com@...191.16.16/.
	
	
	So someone is going to collect paypal passwords. Using this
password an
	attacker can send money from there. The whole action seams to be
a spamming
	attempt sent to random email addresses, because the receiver
Email Address
	Michael@...ley-power.de is not registered at paypal.
	
	
	According ARIN Whois the IP Search 64.191.16.16 belongs to:
	
	
	OrgName:    Network Operations Center Inc.
	OrgID:      NOC
	Address:    PO Box 591
	City:       Scranton
	StateProv:  PA
	PostalCode: 18501-0591
	Country:    US
	
	The Email comes from 68.77.201.24.
	(X-RBL-Warning: (dialup.bl.kundenserver.de) this mail has been
received from
	a dialup host.)
	
	
	Email Header below. The Email Msg is attached to this email.
	
	---------------------------------------------
	Return-path: <support@...pal.com>
	Envelope-to: michael@...ley-power.de
	Delivery-date: Tue, 11 Nov 2003 02:46:25 +0100
	Received: from [68.77.201.24]
	(helo=adsl-68-77-201-24.dsl.milwwi.ameritech.net)
	        by mxng14.kundenserver.de with smtp (Exim 3.35 #1)
	        id 1AJNbg-0005Xc-00
	        for michael@...ley-power.de; Tue, 11 Nov 2003 02:46:17
+0100
	Received: from paypal.com (smtp2.sc5.paypal.com [64.4.244.75])
	        by adsl-68-77-201-24.dsl.milwwi.ameritech.net (Postfix)
with ESMTP
	id D7A073BEBC
	        for <michael@...ley-power.de>; Mon, 10 Nov 2003 19:46:12
-0600
	From: Support <support@...pal.com>
	To: Michael <michael@...ley-power.de>
	Subject: PayPal User Agreement 9
	Date: Mon, 10 Nov 2003 19:46:12 -0600
	Message-ID: <110001c3a7f5$1fe9490f$e212810a@...pal.com>
	MIME-Version: 1.0
	Content-Type: text/html
	Content-Transfer-Encoding: quoted-printable
	X-Priority: 1 (Highest)
	X-MSMail-Priority: High
	X-Mailer: Microsoft Outlook, Build 10.0.2616
	Importance: High
	X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
	X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been
received from
	a dialup host.
	-------------------------------------------------------
	

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 6954 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031111/dc1c034c/attachment.bin

Powered by blists - more mailing lists