Intersting {Phish?
Results 1 to 4 of 4

Thread: Intersting {Phish?

  1. #1
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018

    Intersting Phish?

    Got this mail through today:

    Let's make a small deal -
    I will show you something and you will help me a little.... =)

    As a former Internet security specialist, I constantly keep an eye on
    everything that happens in the Internet.
    One might say it is a professional peculiarity, habit =)

    I'd like to show you the following there is one Swiss financial company in
    the Internet. This company was conducting a promotion campaign 8 months ago.
    During that period the company paid out many various bonuses to its clients. The
    promotion campaign lasted 15 days.

    Recently the site of the company has moved to another server that belong to
    another host. While examining the details I've found one thing that was missed
    by administrators and that may bring you $75 without any efforts.

    Your part of the deal - to be registered under me. To specify me as your
    referral (sponsor).
    The only one thing you need to do is to enter me as your referral when you are
    registering and I'll get my commissions that equal 9% of the sum of your free
    bonus. Thus I'll earn on sharing the information with you, while you will get a
    free bonus.

    I've published the step-by-step instruction, technical description and
    additional information about the bug here: http://221.2.162.20/bar/index.htm

    There you will find more detailed information and description of each step you
    need to do.

    You will ask a question about such contents:

    Why I shall not open many accounts? Why I tell it to you?
    The secret is simple.
    This company well watches that one person had only a unique account.
    And if it finds out that from one computer openly set of accounts - they
    immediately block these actions


    Wish you good luck!
    Yours forever,
    InetInspector


    Mail was HTML but nothing dodgy - URL is correct : http://221.2.162.20/bar/index.htm

    whois 221.2.162.20:

    inetnum: 221.0.0.0 - 221.3.127.255
    netname: CNCGROUP-SD
    descr: CNCGROUP Shandong province network
    country: CN
    admin-c: CH455-AP
    tech-c: XZ14-AP
    mnt-by: APNIC-HM
    mnt-lower: MAINT-CNCGROUP-SD
    changed: hm-chnaged@apnic.net 20021224
    status: ALLOCATED PORTABLE
    source: APNIC

    The above page suggests doing some starnge stuff...

    Manual way
    1) Open a Swiss Group SA Register page
    2) In the menu of your browser choose 'File..' and 'Save as..'. In the type of file field choose 'Web-Page. Completely'.
    3) Save it to disk.
    4) Open this html file by notepad.

    Find and delete this string:
    <SCRIPT language=JavaScript1.2
    src="Swiss-Group - Sign Up.files/menu.js"></SCRIPT>

    "Swiss-Group - Sign Up.files" - Directory in which files of web-page are saved.

    Find this string:
    < FORM METHOD=POST NAME = "f1" ACTION="reg.php">
    and paste after this html-tegs after it:
    <input type='hidden' name='kmx_promo30' value='1'>

    The result should look so:
    ....
    <FORM METHOD=POST NAME = "f1" ACTION="reg.php">
    <input type='hidden' name='kmx_promo30' value='1'>
    ....

    5) Save this file
    6) Open it by browser
    7) Fill in all fields in this form
    8) Press Sign Up.
    If all is ok system should open an account to you.

    9) Close this window and go to Swiss Group site .
    10) Log in
    11) Click to 'Account summary'.
    12) Find 'Deposit:'
    Enter '0'(Yes, ZERO) in the field of amount.
    13) The system will return you back to your account with 30$ onboard!

    Anyone got any idea what this will actually do?

    Is this a simple Phish to get you to set up an account that the perps know about & will then use for money laundring??

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I might be wrong but this one is pretty easy to figure out.....

    Ask yourself how they are going to get the money to you........
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Originally posted here by Tiger Shark
    I might be wrong but this one is pretty easy to figure out.....

    Ask yourself how they are going to get the money to you........
    Yes....

    Ah, well. It will keep the high tech crime unit busy for a while.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It's a good one though if you think about it. It's a double, (or more), "layer of trust". First they get you to do something seemingly innocuous that succeeds and you see ca$h.... Then greed kicks in and you want to know how to get "your" cash.... At which point I'm pretty sure it won't go the way you want.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides