Phishing & BotNets
Back to list
Re: [phishing] Fwd: FW: Experience a new way of banking.
Feb 01 2007 08:44PM
bf (illuminatus master gmail com)
For those that caught the URL flop, sorry, my coffee hadn't started working yet.
I've asked for the headers as the email was forwarded to me, we'll see.
Still an interesting approach on the attack, whatever the case I'm
going to run it through Paros for laughs and see what I get.
On 2/1/07, h.gold (at) mal-aware (dot) org [email concealed] <h.gold (at) mal-aware (dot) org [email concealed]> wrote:
> Do you have the full header on this one?
> I've already been in contact with Corp IT Security on it .. it's Metavante
> Corp. The 'GuardUno' that they're offering in the phish mail doesn't
> exist. There are some other 'interesting features' on this one that
> *really* need securing ..
> Thanks ...
> On 1 Feb 2007 at 11:21, bf wrote:
> > Good Morning List,
> > The Phish below has an interesting twist in that it offers
> > registration for a new authentication system.
> > Details:
> > Phish URL: https://business-eb.ibanking-services.com/K1/sb_login.jsp
> > Pinging business-eb.ibanking-services.com [18.104.22.168]:
> > IP address: 22.214.171.124
> > Reverse DNS: business-eb.ibanking-services.com.
> > Reverse DNS authenticity: [Verified] ASN:
> > 18434 ASN Name: METAVANTE IP range
> > connectivity: 0 Registrar (per ASN): ARIN Country
> > (per IP registrar): US [United States] Country Currency:
> > USD [United States Dollars] Country IP Range:
> > 126.96.36.199 to 188.8.131.52 Country fraud profile: Normal
> > City (per outside source): Raleigh, North Carolina Country (per
> > outside source): US [United States] Private (internal) IP?
> > No IP address registrar: whois.arin.net Known Proxy?
> > No Link for WHOIS: 184.108.40.206
> > ########## phish below ##############
> > -----Original Message-----
> > From: Woodrow Honeycutt [mailto:support24 (at) bbt (dot) com [email concealed]]
> > Sent: Thursday, February 01, 2007 7:54 AM
> > to:xxxx
> > Subject: Experience a new way of banking.
> > Dear Commercial Banking Customer,
> > We are delighted to inform you about the new online payment security
> > system which starts to operate from 1st February.
> > The name of the system is GuardUno.
> > GuardUno is one of the latest projects developed by BB&T Company
> > security department.
> > It is a security device which generates online access codes to perform
> > online transactions.
> > To obtain this device you will have to register and fill out an
> > application form.
> > Within the next two weeks you will receive the device to the address
> > stated in your application.
> > GuardUno is not only highly effective, it is also absolutely free of
> > charge!
> > Please note:
> > If your application form is not filled in during the following 72
> > hours your online account access will be temporarily blocked for
> > security reasons.
> > Therefore we recommend that you start registering as soon as possible.
> > To start now please click the link below and keep following on screen
> > instructions:
> > https://business-eb.ibanking-services.com/K1/sb_login.jsp?FIFID=BBTCOR
> > P01&FIORG=EBANKING
> > It will only take a couple of minutes.
> > We appreciate your business. It's truly our pleasure to serve you.
> > Support Department
> > BB&T Company.
> > _ _ _
> > This email is for notification only, to contact us, please log into
> > your account and send a Bank Mail.
> > BB&T Company Email ID # 364587
> > _______________________________________________
> > phishing mailing list
> > phishing (at) whitestar.linuxbox (dot) org [email concealed]
> > http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.5.432 / Virus Database: 268.17.18/662 - Release Date:
> > 1/31/2007 3:16 PM
[ reply ]
Copyright 2010, SecurityFocus