[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Sea2-F15l0QF5Bwhpdf0001d2f2@hotmail.com>
From: sixsigma98 at hotmail.com (Ray P)
Subject: 3 new MS patches next week...but none fix 0x01! (Citibank)
Hi Mary
I just got a post from another forum that a second subject line is in use:
CITI-ONLINE email Veerification
followed by an email address so I blocked *citi-online* as well. That
message is full of typos and takes you to a .ru site which is now displaying
a 403 error. We had received four of the ones you got, so I notified those
four employees also.
Thanks for bringing this to the list's attention because this is about to
get right ugly,
Ray
>From: "Mary Landesman" <mlande@...lsouth.net>
>To: "J G" <sixsigma98@...mail.com>, <nick@...us-l.demon.co.uk>,
><full-disclosure@...ts.netsys.com>
>Subject: Re: [Full-Disclosure] 3 new MS patches next week... but none fix
>0x01!
>Date: Sat, 10 Jan 2004 23:20:09 -0500
>
>Sorry...should have included that. The subject is: Important Fraud Alert
>from Citibank
>
>-- Mary
>
>----- Original Message -----
>From: "J G" <sixsigma98@...mail.com>
>To: <mlande@...lsouth.net>; <nick@...us-l.demon.co.uk>;
><full-disclosure@...ts.netsys.com>
>Sent: Saturday, January 10, 2004 9:10 PM
>Subject: Re: [Full-Disclosure] 3 new MS patches next week... but none fix
>0x01!
>
>
>Hi Mary,
>
>What's the subject of the Citibank email you just received? I'd like to
>block it on our SMTP gateways.
>
>Thanks,
>
>Ray
>
> >From: "Mary Landesman" <mlande@...lsouth.net>
> >To: <nick@...us-l.demon.co.uk>, <full-disclosure@...ts.netsys.com>
> >Subject: Re: [Full-Disclosure] 3 new MS patches next week... but none fix
> >0x01!
> >Date: Sat, 10 Jan 2004 20:26:20 -0500
> >
> >There now seems to be an active Citibank phishing email exploiting the
>0x01
> >vulnerability. The message states in part:
> >------------------------
> >On January 10th 2004 Citibank had to block some accounts in our system
> >connected with money laundering, credit card fraud, terrorism and check
> >fraud activity. The information in regards to those accounts has been
> >passed
> >to our correspondent banks, local, federal and international authorities.
> >
> >Due to our extensive database operations some accounts may have been
> >changed. We are asking our customers to check their checking and savings
> >accounts if they are active or if their current balance is correct.
> >
> >Citibank notifies all it's customers in cases of high fraud or criminal
> >activity and asks you to check your account's balances. If you suspect or
> >have found any fraud activity on your account please let us know by
>logging
> >in at the link below.
> >------------------------
> >
> >The link is a button. When clicked, it takes the user to an address that
> >"seems" to be citibank.com. Instead it is really
> >http://211.239.150.170/login/login.htm. I've just received a copy of it
>and
> >verified that the site is still active.
> >
> >The IP resolves to:
> >
> >[ ISP Organization Information ]
> >Org Name : Enterprise Networks
> >Service Name : ENTERPRISENET
> >Org Address : GNG IDC B/D, 343-1 Yhatap-dong, Pundang-gu, Seongnam
> >
> >[ ISP IP Admin Contact Information ]
> >Name : Hyo-Sun, Chang
> >Phone : +82-2-2105-6082
> >Fax : +82-2-2105-6100
> >E-Mail : ip@...etworks.co.kr
> >
> >[ ISP IP Tech Contact Information ]
> >Name : IP
> >Phone : +82-2-2105-6016
> >Fax : +82-2-2105-6100
> >E-mail : ip@...etworks.co.kr
> >
> >[ ISP Network Abuse Contact Information ]
> >Name : Postmaster
> >Phone : +82-2-2105-6075
> >Fax : +82-2-2105-6100
> >E-mail : abuse@...etworks.co.kr
> >
> >Regards,
> >Mary Landesman
> >Antivirus About.com Guide
> >http://antivirus.about.com
> >
> >
> >----- Original Message -----
> >From: "Nick FitzGerald" asked:
> >
> > > OK -- is HSBC bank a large enough client of Microsoft's??
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>_________________________________________________________________
>Learn how to choose, serve, and enjoy wine at Wine @ MSN.
>http://wine.msn.com/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_________________________________________________________________
Scope out the new MSN Plus Internet Software — optimizes dial-up to the max!
http://join.msn.com/?pgmarket=en-us&page=byoa/plus&ST=1
Powered by blists - more mailing lists