Intersting {Phish?

[steve.milner]

Got this mail through today:

Let's make a small deal -
I will show you something and you will help me a little.... =)

As a former Internet security specialist, I constantly keep an eye on
everything that happens in the Internet.
One might say it is a professional peculiarity, habit =)

I'd like to show you the following there is one Swiss financial company in
the Internet. This company was conducting a promotion campaign 8 months ago.
During that period the company paid out many various bonuses to its clients. The
promotion campaign lasted 15 days.

Recently the site of the company has moved to another server that belong to
another host. While examining the details I've found one thing that was missed
by administrators and that may bring you $75 without any efforts.

Your part of the deal - to be registered under me. To specify me as your
referral (sponsor).
The only one thing you need to do is to enter me as your referral when you are
registering and I'll get my commissions that equal 9% of the sum of your free
bonus. Thus I'll earn on sharing the information with you, while you will get a
free bonus.

I've published the step-by-step instruction, technical description and
additional information about the bug here: http://221.2.162.20/bar/index.htm

There you will find more detailed information and description of each step you
need to do.

You will ask a question about such contents:

Why I shall not open many accounts? Why I tell it to you?
The secret is simple.
This company well watches that one person had only a unique account.
And if it finds out that from one computer openly set of accounts - they
immediately block these actions


Wish you good luck!
Yours forever,
InetInspector


Mail was HTML but nothing dodgy - URL is correct : http://221.2.162.20/bar/index.htm

whois 221.2.162.20:

inetnum: 221.0.0.0 - 221.3.127.255
netname: CNCGROUP-SD
descr: CNCGROUP Shandong province network
country: CN
admin-c: CH455-AP
tech-c: XZ14-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-SD
changed: hm-chnaged@apnic.net 20021224
status: ALLOCATED PORTABLE
source: APNIC

The above page suggests doing some starnge stuff...

Manual way
1) Open a Swiss Group SA Register page
2) In the menu of your browser choose 'File..' and 'Save as..'. In the type of file field choose 'Web-Page. Completely'.
3) Save it to disk.
4) Open this html file by notepad.

Find and delete this string:
<SCRIPT language=JavaScript1.2
src="Swiss-Group - Sign Up.files/menu.js"></SCRIPT>

"Swiss-Group - Sign Up.files" - Directory in which files of web-page are saved.

Find this string:
< FORM METHOD=POST NAME = "f1" ACTION="reg.php">
and paste after this html-tegs after it:
<input type='hidden' name='kmx_promo30' value='1'>

The result should look so:
....
<FORM METHOD=POST NAME = "f1" ACTION="reg.php">
<input type='hidden' name='kmx_promo30' value='1'>
....

5) Save this file
6) Open it by browser
7) Fill in all fields in this form
8) Press Sign Up.
If all is ok system should open an account to you.

9) Close this window and go to Swiss Group site .
10) Log in
11) Click to 'Account summary'.
12) Find 'Deposit:'
Enter '0'(Yes, ZERO) in the field of amount.
13) The system will return you back to your account with 30$ onboard!

Anyone got any idea what this will actually do?

Is this a simple Phish to get you to set up an account that the perps know about & will then use for money laundring??

Steve

[Tiger Shark]

I might be wrong but this one is pretty easy to figure out.....

Ask yourself how they are going to get the money to you........

[steve.milner]

Originally posted here by Tiger Shark
I might be wrong but this one is pretty easy to figure out.....

Ask yourself how they are going to get the money to you........

Yes....

Ah, well. It will keep the high tech crime unit busy for a while.

Steve

[Tiger Shark]

It's a good one though if you think about it. It's a double, (or more), "layer of trust". First they get you to do something seemingly innocuous that succeeds and you see ca$h.... Then greed kicks in and you want to know how to get "your" cash.... At which point I'm pretty sure it won't go the way you want.....