Re: 3 new MS patches next week...but none fix 0x01! (Citibank)

["Ray P" <sixsigma98 () hotmail com>]

Hi Mary

I just got a post from another forum that a second subject line is in use:

CITI-ONLINE email Veerification

followed by an email address so I blocked *citi-online* as well. That 
message is full of typos and takes you to a .ru site which is now displaying 
a 403 error. We had received four of the ones you got, so I notified those 
four employees also.

Thanks for bringing this to the list's attention because this is about to 
get right ugly,

Ray

> From: "Mary Landesman" <mlande () bellsouth net>
> To: "J G" <sixsigma98 () hotmail com>, <nick () virus-l demon co uk>,        
> <full-disclosure () lists netsys com>
> Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix 
> 0x01!
> Date: Sat, 10 Jan 2004 23:20:09 -0500
>
> Sorry...should have included that. The subject is: Important Fraud Alert
> from Citibank
>
> -- Mary
>
> ----- Original Message -----
> From: "J G" <sixsigma98 () hotmail com>
> To: <mlande () bellsouth net>; <nick () virus-l demon co uk>;
> <full-disclosure () lists netsys com>
> Sent: Saturday, January 10, 2004 9:10 PM
> Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix
> 0x01!
>
>
> Hi Mary,
>
> What's the subject of the Citibank email you just received? I'd like to
> block it on our SMTP gateways.
>
> Thanks,
>
> Ray
>
> >From: "Mary Landesman" <mlande () bellsouth net>
> >To: <nick () virus-l demon co uk>, <full-disclosure () lists netsys com>
> >Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix
> >0x01!
> >Date: Sat, 10 Jan 2004 20:26:20 -0500
> >
> >There now seems to be an active Citibank phishing email exploiting the 
> 0x01
> >vulnerability. The message states in part:
> >------------------------
> >On January 10th 2004 Citibank had to block some accounts in our system
> >connected with money laundering, credit card fraud, terrorism and check
> >fraud activity. The information in regards to those accounts has been
> >passed
> >to our correspondent banks, local, federal and international authorities.
> >
> >Due to our extensive database operations some accounts may have been
> >changed. We are asking our customers to check their checking and savings
> >accounts if they are active or if their current balance is correct.
> >
> >Citibank notifies all it's customers in cases of high fraud or criminal
> >activity and asks you to check your account's balances. If you suspect or
> >have found any fraud activity on your account please let us know by 
> logging
> >in at the link below.
> >------------------------
> >
> >The link is a button. When clicked, it takes the user to an address that
> >"seems" to be citibank.com. Instead it is really
> >http://211.239.150.170/login/login.htm. I've just received a copy of it 
> and
> >verified that the site is still active.
> >
> >The IP resolves to:
> >
> >[ ISP Organization Information ]
> >Org Name      : Enterprise Networks
> >Service Name  : ENTERPRISENET
> >Org Address   : GNG IDC B/D, 343-1 Yhatap-dong, Pundang-gu, Seongnam
> >
> >[ ISP IP Admin Contact Information ]
> >Name          : Hyo-Sun, Chang
> >Phone         : +82-2-2105-6082
> >Fax           : +82-2-2105-6100
> >E-Mail        : ip () epnetworks co kr
> >
> >[ ISP IP Tech Contact Information ]
> >Name          : IP
> >Phone         : +82-2-2105-6016
> >Fax           : +82-2-2105-6100
> >E-mail        : ip () epnetworks co kr
> >
> >[ ISP Network Abuse Contact Information ]
> >Name          : Postmaster
> >Phone         : +82-2-2105-6075
> >Fax           : +82-2-2105-6100
> >E-mail        : abuse () epnetworks co kr
> >
> >Regards,
> >Mary Landesman
> >Antivirus About.com Guide
> >http://antivirus.about.com
> >
> >
> >----- Original Message -----
> >From: "Nick FitzGerald" asked:
> >
> > > OK -- is HSBC bank a large enough client of Microsoft's??
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _________________________________________________________________
> Learn how to choose, serve, and enjoy wine at Wine @ MSN.
> http://wine.msn.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_________________________________________________________________
Scope out the new MSN Plus Internet Software — optimizes dial-up to the max! 
  http://join.msn.com/?pgmarket=en-us&page=byoa/plus&ST=1

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html