Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: 3 new MS patches next week... but none fix 0x01!

Re: 3 new MS patches next week... but none fix 0x01!

From: J G <sixsigma98_at_hotmail.com>
Date: Sun, 11 Jan 2004 02:10:18 +0000

Hi Mary,

What's the subject of the Citibank email you just received? I'd like to
block it on our SMTP gateways.

Thanks,

Ray

>From: "Mary Landesman" <mlande_at_bellsouth.net>
>To: <nick_at_virus-l.demon.co.uk>, <full-disclosure_at_lists.netsys.com>
>Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix
>0x01!
>Date: Sat, 10 Jan 2004 20:26:20 -0500
>
>There now seems to be an active Citibank phishing email exploiting the 0x01
>vulnerability. The message states in part:
>------------------------
>On January 10th 2004 Citibank had to block some accounts in our system
>connected with money laundering, credit card fraud, terrorism and check
>fraud activity. The information in regards to those accounts has been
>passed
>to our correspondent banks, local, federal and international authorities.
>
>Due to our extensive database operations some accounts may have been
>changed. We are asking our customers to check their checking and savings
>accounts if they are active or if their current balance is correct.
>
>Citibank notifies all it's customers in cases of high fraud or criminal
>activity and asks you to check your account's balances. If you suspect or
>have found any fraud activity on your account please let us know by logging
>in at the link below.
>------------------------
>
>The link is a button. When clicked, it takes the user to an address that
>"seems" to be citibank.com. Instead it is really
>http://211.239.150.170/login/login.htm. I've just received a copy of it and
>verified that the site is still active.
>
>The IP resolves to:
>
>[ ISP Organization Information ]
>Org Name : Enterprise Networks
>Service Name : ENTERPRISENET
>Org Address : GNG IDC B/D, 343-1 Yhatap-dong, Pundang-gu, Seongnam
>
>[ ISP IP Admin Contact Information ]
>Name : Hyo-Sun, Chang
>Phone : +82-2-2105-6082
>Fax : +82-2-2105-6100
>E-Mail : ip_at_epnetworks.co.kr
>
>[ ISP IP Tech Contact Information ]
>Name : IP
>Phone : +82-2-2105-6016
>Fax : +82-2-2105-6100
>E-mail : ip_at_epnetworks.co.kr
>
>[ ISP Network Abuse Contact Information ]
>Name : Postmaster
>Phone : +82-2-2105-6075
>Fax : +82-2-2105-6100
>E-mail : abuse_at_epnetworks.co.kr
>
>Regards,
>Mary Landesman
>Antivirus About.com Guide
>http://antivirus.about.com
>
>
>----- Original Message -----
>From: "Nick FitzGerald" asked:
>
> > OK -- is HSBC bank a large enough client of Microsoft's??
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html

_________________________________________________________________
Learn how to choose, serve, and enjoy wine at Wine @ MSN.
http://wine.msn.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Jan 11 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos