SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 BoA Phishing Attempt

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
babe_in_muguland
419Eater is my life


Joined: 12 Dec 2003
Posts: 482


PostPosted: Mon Jan 29, 2007 6:30 pm Reply with quoteBack to top

This one's for the records only. Brand new into my company e-mail.
Relevant hearder info:
Code:
From: "[email protected]" <[email protected]>"
Received 2: "from sls-f1p16.paradoxcafe.net (localhost.localdomain [127.0.0.1]) by sls-f1p16.paradoxcafe.net (8.12.10/8.12.10) with ESMTP id l0TIKbxg018705 for <[email protected]>; Mon, 29 Jan 2007 18:20:37 GMT"
Received 1: "(from [email protected]) by sls-f1p16.paradoxcafe.net (8.12.10/8.12.10/Submit) id l0TIKaGi018703; Mon, 29 Jan 2007 18:20:36 GMT"
SMTP Originator "[email protected]"
Subject: "Bank of America Notice"


The link in message body points to this URL:
Code:
A href="http://bonita-glass.com/catalog/images/bankofamerica/"

Quote:
Bank of America Account Notice - MBNA Bank is now part of Bank of America

We recently have discovered that multiple computers have attempted to log into your Bank of America Online Account, and multiple password failures were presented before the logons. We now require you to update your account information . If this is not completed by January 31, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. To continue please [don't click href="http://bonita-glass.com/catalog/images/bankofamerica/"]CLICK HERE[/don't click] or on the link
below to re-validate your account information :
[don't click]
href="http://bonita-glass.com/catalog/images/bankofamerica/">http://www.bankofamerica.com/cards/[/don/t click]
Sincerely,
Bank of America Team
Bank of America Security

Bank of America is the source of information about and access to domestic financial services provided by Bank of America retail banking .
View user's profileSend private message
babe_in_muguland
419Eater is my life


Joined: 12 Dec 2003
Posts: 482


PostPosted: Mon Jan 29, 2007 6:45 pm Reply with quoteBack to top

I sent a notification to [email protected] - the e-mail link on the legit site's contact page - to notify him that he has a phishing page on his server and/or web site. I'll check later to see if he replies.

The path to /catalog/images/ is login protected and now displays this message:
Quote:
0wn3d by 3sRaR
[email protected]İnuxmaiL.Org
View user's profileSend private message
Ambdrvr2
Master Baiter


Joined: 05 Sep 2006
Posts: 170


PostPosted: Mon Jan 29, 2007 10:20 pm Reply with quoteBack to top

Looks like the site is being rebuilt. So looks like the real owner caught it and is working on it....

Hopefully.

_________________
<a href="/forum/donate.php">[Click here to slap a lad! (or to donate to 419Eater.com)]</a>

"the phone is included with the extended file dilithium batteries" ....phonelad....

"we are located in United State, Kenturky."

Cellphone Cellphone Cellphone
View user's profileSend private message
babe_in_muguland
419Eater is my life


Joined: 12 Dec 2003
Posts: 482


PostPosted: Mon Jan 29, 2007 11:23 pm Reply with quoteBack to top

I chased this one a little bit more earlier, because I thought it was unusual to see a case of a script-kiddie defacement - "0wn3d by 3sRaR - [email protected]İnuxmaiL.Org" who you can find has 14 pages of stuff up at http://www.zone-h.org - plus a phishing attempt on top of the server intrusion. Another domain kaydeerecords.com/catalog that was defaced by this same script kid contains the phrase ACIKLARINIZI KAPATIN.

Searching for the language reveals the source of this defacer is possibly Baku, Azerbaijan, which is within the former Soviet Union. That could indicate this script-kid group could originate from Azerbaijan, Iran, or possibly Turkey. Actually any number of possible Turkic-speaking script-kid groups, including Europe or the U.S.
View user's profileSend private message
DrWho
Baiting Guru


Joined: 14 Jan 2004
Posts: 5486
Location: Where ever I go, there I am


PostPosted: Tue Jan 30, 2007 2:48 am Reply with quoteBack to top

I think we have seen this group before. If it is the same one I'm thinking of, they find a script for "hacking" specific vulnerability of unpatched sites and use the script to "hack" in. Nothing clever but they think they are.

_________________
"i think you people do not know whom you are talking of,i am not in any terrorist organization or planning any such of terrorist activities."
"i am not a terrorist and your america cia cna also investigate me."
"i am not a terrorist.send the shit stuff and let me get it fillied."

United Nations Mortar x12
"To Serve Man"
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT