Full Disclosure: RE: US Bank scam

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: US Bank scam

From: "Scott Dodson" <sdodson () sdodson com>
Date: Tue, 15 Jun 2004 19:24:54 -0400

-----Original Message-----

From: full-disclosure-admin () lists netsys com

[mailto:full-disclosure->admin () lists netsys com] On Behalf Of David
Lederman

Sent: Tuesday, June 15, 2004 12:30 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] US Bank scam

This is the best phishing scam I've seen yet:
http://www.bis1bp.com/a12/index.html

I have Windows Server 2003 fully patched and this works. The program

fakes >an address bar so this

would pass through most people's safety check, after all the address

bar >clearly has the correct

address.

There are bugs in the code, for example, all your Internet Explorer

windows >will now have this

address, but again for most people would only have one window open.



With XP SP2 build 2149 (RC2) it shows up immediately below the address
bar.  

http://www.sdodson.com/phishing.jpg for a view.

--
Scott

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

US Bank scam David Lederman (Jun 15)
- Re: US Bank scam Eric LeBlanc (Jun 15)
- RE: US Bank scam Scott Dodson (Jun 15)
  - RE: US Bank scam Nick FitzGerald (Jun 15)
- <Possible follow-ups>
- Re: US Bank scam Hamby, Charles D. (Jun 15)
  - Re: US Bank scam Nick FitzGerald (Jun 15)
- RE: US Bank scam Peter B. Harvey (Information Security) (Jun 15)
- RE: US Bank scam wszumera (Jun 15)