Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: 3 new MS patches next week...but none fix 0x01! (Citibank)

Re: 3 new MS patches next week...but none fix 0x01! (Citibank)

From: Ray P <sixsigma98_at_hotmail.com>
Date: Sun, 11 Jan 2004 04:31:11 +0000

Hi Mary

I just got a post from another forum that a second subject line is in use:

CITI-ONLINE email Veerification

followed by an email address so I blocked *citi-online* as well. That
message is full of typos and takes you to a .ru site which is now displaying
a 403 error. We had received four of the ones you got, so I notified those
four employees also.

Thanks for bringing this to the list's attention because this is about to
get right ugly,

Ray

>From: "Mary Landesman" <mlande_at_bellsouth.net>
>To: "J G" <sixsigma98_at_hotmail.com>, <nick_at_virus-l.demon.co.uk>,
><full-disclosure_at_lists.netsys.com>
>Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix
>0x01!
>Date: Sat, 10 Jan 2004 23:20:09 -0500
>
>Sorry...should have included that. The subject is: Important Fraud Alert
>from Citibank
>
>-- Mary
>
>----- Original Message -----
>From: "J G" <sixsigma98_at_hotmail.com>
>To: <mlande_at_bellsouth.net>; <nick_at_virus-l.demon.co.uk>;
><full-disclosure_at_lists.netsys.com>
>Sent: Saturday, January 10, 2004 9:10 PM
>Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix
>0x01!
>
>
>Hi Mary,
>
>What's the subject of the Citibank email you just received? I'd like to
>block it on our SMTP gateways.
>
>Thanks,
>
>Ray
>
> >From: "Mary Landesman" <mlande_at_bellsouth.net>
> >To: <nick_at_virus-l.demon.co.uk>, <full-disclosure_at_lists.netsys.com>
> >Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix
> >0x01!
> >Date: Sat, 10 Jan 2004 20:26:20 -0500
> >
> >There now seems to be an active Citibank phishing email exploiting the
>0x01
> >vulnerability. The message states in part:
> >------------------------
> >On January 10th 2004 Citibank had to block some accounts in our system
> >connected with money laundering, credit card fraud, terrorism and check
> >fraud activity. The information in regards to those accounts has been
> >passed
> >to our correspondent banks, local, federal and international authorities.
> >
> >Due to our extensive database operations some accounts may have been
> >changed. We are asking our customers to check their checking and savings
> >accounts if they are active or if their current balance is correct.
> >
> >Citibank notifies all it's customers in cases of high fraud or criminal
> >activity and asks you to check your account's balances. If you suspect or
> >have found any fraud activity on your account please let us know by
>logging
> >in at the link below.
> >------------------------
> >
> >The link is a button. When clicked, it takes the user to an address that
> >"seems" to be citibank.com. Instead it is really
> >http://211.239.150.170/login/login.htm. I've just received a copy of it
>and
> >verified that the site is still active.
> >
> >The IP resolves to:
> >
> >[ ISP Organization Information ]
> >Org Name : Enterprise Networks
> >Service Name : ENTERPRISENET
> >Org Address : GNG IDC B/D, 343-1 Yhatap-dong, Pundang-gu, Seongnam
> >
> >[ ISP IP Admin Contact Information ]
> >Name : Hyo-Sun, Chang
> >Phone : +82-2-2105-6082
> >Fax : +82-2-2105-6100
> >E-Mail : ip_at_epnetworks.co.kr
> >
> >[ ISP IP Tech Contact Information ]
> >Name : IP
> >Phone : +82-2-2105-6016
> >Fax : +82-2-2105-6100
> >E-mail : ip_at_epnetworks.co.kr
> >
> >[ ISP Network Abuse Contact Information ]
> >Name : Postmaster
> >Phone : +82-2-2105-6075
> >Fax : +82-2-2105-6100
> >E-mail : abuse_at_epnetworks.co.kr
> >
> >Regards,
> >Mary Landesman
> >Antivirus About.com Guide
> >http://antivirus.about.com
> >
> >
> >----- Original Message -----
> >From: "Nick FitzGerald" asked:
> >
> > > OK -- is HSBC bank a large enough client of Microsoft's??
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>_________________________________________________________________
>Learn how to choose, serve, and enjoy wine at Wine @ MSN.
>http://wine.msn.com/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_________________________________________________________________
There are now three new levels of MSN Hotmail Extra Storage! Learn more.
http://join.msn.com/?pgmarket=en-us&page=hotmail/es2&ST=1

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Jan 11 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos