Message-ID: <20040126013224.GOEA163351.fep03-mail.bloor.is.net.cable.rogers.com@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: Confirm Your VISA Card Email
Interesting quirk in that URL. It uses a null byte (%00) to prevent display
of the rest of the URL (which points to a Korean IP), but this sometimes
causes a browser to drop the rest of the URL as well and actually go to
Visa.com. Phisher was being a bit too smart for him/herself.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of yossarian
Sent: January 25, 2004 7:41 PM
To: Nancy Kramer; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Confirm Your VISA Card Email
http://www.visa.com/globalgateway/gg_selectcountry.html?retcountry=1 is
where the URL takes me. Looks like just a scam to harvest mail addresses. I
had something alike from ebay, just a webbug linking it to somewhere else.
Dunno if ebay has already taken action - I sent it there just to make sure.
I can't check since you just gave the URL - not check the pics for other
link.
----- Original Message -----
From: "Nancy Kramer" <nekramer@...dtheater.net>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, January 25, 2004 8:16 PM
Subject: [Full-Disclosure] Confirm Your VISA Card Email
> Hello All,
>
> Just got the "confirm Your VISA Card" Email. It uses the browser
> vulnerability where it looks like it is taking you to the VISA site but
> instead has a long URL after the part you see that seems to take you to an
> IP address. Haven't really checked it out but am sending it along in case
> anyone is interested. See below
>
> <A HREF="http://www.visa.com%00@...%32%30%2E%36%38%2E%32%31%34%2E%32%31%33">www.visa.com</a>
>
> The email that the user sees is html so they would just see the link.
>
> Regards,
>
> Nancy Kramer
> Webmaster http://www.americandreamcars.com
> Free Color Picture Ads for Collector Cars
> One of the Ten Best Places To Buy or Sell a Collector Car on the Web
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
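The link shape discussed in this thread (a trusted-looking label, a %00 ahead of an @ in the authority, and a percent-encoded IP as the real host) can be flagged in HTML mail before a browser ever renders it. The following is an added example, not part of any message in the thread; the function names are hypothetical and the sample link is constructed with example.com and the documentation address 192.0.2.10.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Raw authority: everything between "//" and the next "/", "?" or "#".
AUTHORITY = re.compile(r'^[a-z][a-z0-9+.-]*://([^/?#]*)', re.I)

def inspect_href(href, shown_text=""):
    """Return findings for one link; an empty list means nothing was flagged."""
    m = AUTHORITY.match(href.strip())
    if not m:
        return []
    raw, findings = m.group(1), []
    _, at, hostport = raw.rpartition("@")      # the real host follows the last "@"
    if at:
        findings.append("userinfo-before-host")
    if re.search(r'%[01][0-9a-f]|%7f', raw, re.I):   # %00-%1f or %7f in the authority
        findings.append("encoded-control-char")
    if "%" in hostport:
        findings.append("percent-encoded-host")
    host = re.sub(r':\d+$', '', unquote(hostport)).lower()
    shown = re.sub(r'^[a-z]+://', '', shown_text.strip().lower()).split("/")[0]
    if shown and "." in shown and shown != host:     # label looks like a hostname
        findings.append(f"text-shows-{shown}-but-host-is-{host}")
    return findings

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.results, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = "".join(self._text)
            self.results.append((self._href, inspect_href(self._href, label)))
            self._href = None

def audit_html(body):
    parser = LinkAudit()
    parser.feed(body)
    parser.close()
    return parser.results

# Constructed sample: one deceptive link and one ordinary link.
SAMPLE = ('<A HREF="http://www.example.com%00@%31%39%32%2E%30%2E%32%2E%31%30/x">'
          'www.example.com</a> <a href="https://www.example.com/help">www.example.com</a>')
```

Calling `audit_html(SAMPLE)` returns one `(href, findings)` pair per anchor; only the first link is flagged.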