lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Sea2-F15l0QF5Bwhpdf0001d2f2@hotmail.com>
From: sixsigma98 at hotmail.com (Ray P)
Subject: 3 new MS patches next week...but none fix 0x01! (Citibank)

Hi Mary

I just got a post from another forum that a second subject line is in use:

CITI-ONLINE email Veerification

followed by an email address so I blocked *citi-online* as well. That 
message is full of typos and takes you to a .ru site which is now displaying 
a 403 error. We had received four of the ones you got, so I notified those 
four employees also.

Thanks for bringing this to the list's attention because this is about to 
get right ugly,

Ray

>From: "Mary Landesman" <mlande@...lsouth.net>
>To: "J G" <sixsigma98@...mail.com>, <nick@...us-l.demon.co.uk>,        
><full-disclosure@...ts.netsys.com>
>Subject: Re: [Full-Disclosure] 3 new MS patches next week... but none fix 
>0x01!
>Date: Sat, 10 Jan 2004 23:20:09 -0500
>
>Sorry...should have included that. The subject is: Important Fraud Alert
>from Citibank
>
>-- Mary
>
>----- Original Message -----
>From: "J G" <sixsigma98@...mail.com>
>To: <mlande@...lsouth.net>; <nick@...us-l.demon.co.uk>;
><full-disclosure@...ts.netsys.com>
>Sent: Saturday, January 10, 2004 9:10 PM
>Subject: Re: [Full-Disclosure] 3 new MS patches next week... but none fix
>0x01!
>
>
>Hi Mary,
>
>What's the subject of the Citibank email you just received? I'd like to
>block it on our SMTP gateways.
>
>Thanks,
>
>Ray
>
> >From: "Mary Landesman" <mlande@...lsouth.net>
> >To: <nick@...us-l.demon.co.uk>, <full-disclosure@...ts.netsys.com>
> >Subject: Re: [Full-Disclosure] 3 new MS patches next week... but none fix
> >0x01!
> >Date: Sat, 10 Jan 2004 20:26:20 -0500
> >
> >There now seems to be an active Citibank phishing email exploiting the 
>0x01
> >vulnerability. The message states in part:
> >------------------------
> >On January 10th 2004 Citibank had to block some accounts in our system
> >connected with money laundering, credit card fraud, terrorism and check
> >fraud activity. The information in regards to those accounts has been
> >passed
> >to our correspondent banks, local, federal and international authorities.
> >
> >Due to our extensive database operations some accounts may have been
> >changed. We are asking our customers to check their checking and savings
> >accounts if they are active or if their current balance is correct.
> >
> >Citibank notifies all it's customers in cases of high fraud or criminal
> >activity and asks you to check your account's balances. If you suspect or
> >have found any fraud activity on your account please let us know by 
>logging
> >in at the link below.
> >------------------------
> >
> >The link is a button. When clicked, it takes the user to an address that
> >"seems" to be citibank.com. Instead it is really
> >http://211.239.150.170/login/login.htm. I've just received a copy of it 
>and
> >verified that the site is still active.
> >
> >The IP resolves to:
> >
> >[ ISP Organization Information ]
> >Org Name      : Enterprise Networks
> >Service Name  : ENTERPRISENET
> >Org Address   : GNG IDC B/D, 343-1 Yhatap-dong, Pundang-gu, Seongnam
> >
> >[ ISP IP Admin Contact Information ]
> >Name          : Hyo-Sun, Chang
> >Phone         : +82-2-2105-6082
> >Fax           : +82-2-2105-6100
> >E-Mail        : ip@...etworks.co.kr
> >
> >[ ISP IP Tech Contact Information ]
> >Name          : IP
> >Phone         : +82-2-2105-6016
> >Fax           : +82-2-2105-6100
> >E-mail        : ip@...etworks.co.kr
> >
> >[ ISP Network Abuse Contact Information ]
> >Name          : Postmaster
> >Phone         : +82-2-2105-6075
> >Fax           : +82-2-2105-6100
> >E-mail        : abuse@...etworks.co.kr
> >
> >Regards,
> >Mary Landesman
> >Antivirus About.com Guide
> >http://antivirus.about.com
> >
> >
> >----- Original Message -----
> >From: "Nick FitzGerald" asked:
> >
> > > OK -- is HSBC bank a large enough client of Microsoft's??
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>_________________________________________________________________
>Learn how to choose, serve, and enjoy wine at Wine @ MSN.
>http://wine.msn.com/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_________________________________________________________________
Scope out the new MSN Plus Internet Software — optimizes dial-up to the max! 
   http://join.msn.com/?pgmarket=en-us&page=byoa/plus&ST=1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ