lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1074998158.20758.19.camel@coruscant.weisserth.net>
From: tobias at weisserth.de (Tobias Weisserth)
Subject: Phishing scam - yet another Paypal phishing
	scam!

Hi everybody,

I just wanted to add another phishing scam to the "in the wild" list.

A fake Paypal email is pointing potential IE victims to a modified URL:

http://www.paypal.com%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01@....54.126.187/f/

The host 211.54.126.187 is up and running, the email address of the
administrator seems to be a fake, mail bounces immediately. The
211.54.126.187/f/ URL points to a dead page though, so maybe the admin
has already taken action.

This is the HTML source of the spam email:

Note that the mail is actually using real elements from PayPal.
Measuring the art of social engineering here, I'd say this one is pretty
clever.

What really is annoying here is that this bug already exists for several
weeks in IE and it seems MS is not willing to do something about that.

The simple minded user shouldn't use IE as long as this is still not
fixed.

####################begin#######################

<head>

<!--
  Script info: script: webscr, cmd: _login-run, template: p/gen/login, 
date: 
Fri May 23 00:45:53 2003
  web version: 17.8-91 branch: live-178
  content version: 17.8-82 branch: live-178
-->

        <title>paypal - verify your account information</title>

<META http-equiv="DESCRIPTION" content="PayPal lets you send money to 
anyone 
with email. PayPal is free for consumers and works seamlessly with your 
existing credit card and checking account. You can settle debts, borrow 
cash, divide bills or split expenses with friends all without going to 
an 
ATM or looking for your checkbook.">
<META http-equiv="KEYWORDS" content="Send, money, payments, credit, 
credit 
card, instant, money, financial services, mobile, wireless, WAP, cell 
phones, two-way pagers, Windows CE">




                <link rel="stylesheet" type="text/css" 
href="http://www.paypal.com/css/pp_styles_111402.css">







<script src="/js/pp_main.js"></script>
<link rel="shortcut icon" 
href="http://www.paypal.com/images/pp_favicon.ico">

</head>
















<body bgcolor="#ffffff"



>


<table cellSpacing="0" cellPadding="0" width="600" align="center"
border="0">
  <tbody>
    <tr>
      <td noWrap><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=_home"><img
src="http://www.paypal.com/images/paypal_logo.gif" border="0"
width="117" height="35"></a></td>
      <td class="pptext" align="middle" width="100%">&nbsp;</td>
      <td class="pptext" noWrap align="right"><a
href="https://www.paypal.com/cgi-bin/webscr?cmd=_registration-run"><span
class="ppem106">Sign&nbsp;Up</span></a>&nbsp;|&nbsp;<a
href="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">Log&nbsp;Out</a>&nbsp;|&nbsp;<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_help-ext&amp;source_page=_login-run">Help</a></td>
    </tr>
  </tbody>
</table>
<br class="h5">
<table cellSpacing="0" cellPadding="0" width="100%" align="center"
border="0">
  <tbody>
    <tr>
      <td width="100%"
background="http://www.paypal.com/images/tabs/bg.gif">
        <table cellSpacing="0" cellPadding="0" align="center"
border="0">
          <tbody>
            <tr>
              <td><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=_home"><img alt="Welcome"
src="http://www.paypal.com/images/tabs/P_off_welcome.gif" border="0"
width="106" height="36"></a></td>
              <td><img src="http://www.paypal.com/images/pixel.gif"
width="1" height="1"></td>
              <td><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/ema/index-outside"><img
alt="Send Money"
src="http://www.paypal.com/images/tabs/P_off_send_money.gif" border="0"
width="110" height="36"></a></td>
              <td><img src="http://www.paypal.com/images/pixel.gif"
width="1" height="1"></td>
              <td><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/req/index-outside"><img
alt="Request Money"
src="http://www.paypal.com/images/tabs/P_off_request_money.gif"
border="0" width="130" height="36"></a></td>
              <td><img src="http://www.paypal.com/images/pixel.gif"
width="1" height="1"></td>
              <td><a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/mer/index-outside"><img
alt="Merchant Tools"
src="http://www.paypal.com/images/tabs/P_off_merchant_tools.gif"
border="0" width="130" height="36"></a></td>
              <td><img src="http://www.paypal.com/images/pixel.gif"
width="1" height="1"></td>
              <td><a class="pptabtext"
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/auc/index-outside"><img
alt="Auction Tools"
src="http://www.paypal.com/images/tabs/P_off_auction_tools.gif"
border="0" width="118" height="36"></a></td>
            </tr>
          </tbody>
        </table>
        <img height="20" src="http://www.paypal.com/images/pixel.gif"
width="1"></td>
      <td><img height="59" src="http://www.paypal.com/images/pixel.gif"
width="1"></td>
    </tr>
  </tbody>
</table>
<img height="10" src="http://www.paypal.com/images/pixel.gif"
width="1"><br>
<p align="center"> <br>
<table width="75%" border="0" align="center">
  <tr>
    <td><font size="2"><b>Dear paypal user, We would like to inform you
that we 
      are upgrading our server to install a better protection software.
So please 
      <a
href="http://www.paypal.com%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01@....54.126.187/f/ ">click here</a> and 
      fill in the registration form again to renew your account. Paypal
Administration.</b></font> 
    </td>
  </tr>
</table>
<p align="center">&nbsp;
<p align="center">&nbsp;
  
<p align="center"><font size="2"><b>Thank you for a using
PayPal!</b></font><br>
<table cellSpacing="0" cellPadding="0" width="600" align="center"
border="0">
    <tbody>
      <tr>
        <td class="ppfooter" align="middle"><br>
          <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/about-outside">About</a>
          | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/accounts-outside">Accounts</a>
          | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/fees-outside">Fees</a>
          | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside">Privacy</a>
          | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/security-main-outside">Security
          Center</a> | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/ua-outside">User
          Agreement</a> | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/pdn/intro-outside">Developers</a>
          | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/logos-outside">Referrals</a>
          | <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=_shop-ext">Shops</a><br>
          <br>
          <img alt src="http://www.paypal.com/images/ebay_co.gif"
width="100" height="12"><br>
          <br class="h10">
          Copyright  1999-2003 PayPal. All rights reserved.<br>
          <a
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/fdic-outside">Information
          about FDIC pass-through insurance</a></td>
      </tr>
    </tbody>
  </table>
  <!-- end footer -->
  

</body>

</html>

#####################end########################

kind regards,
Tobias W.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ