Full Disclosure mailing list archives

Fake ebay password stealer

From: tom () doctorunix com
Date: Fri, 3 Oct 2003 08:15:27 -0500


       

Following on the heels of the "very good looking" microsoft security patch
worm, i am now in posession of an even more convincing "Ebay Request" to
reconfirm your credit card number, PayPal account, password, etc.   This
appears to be an excellent fake and we can expect many people to be
tricked.

To see how good it looks, Checkout this image.  (It doesn't look like an
image but it is actually a JPG which hides a link to the attacker's
server.)  Many people will be fooled.  The url is fake (it is just a
picture after all).  Clicking on the real email takes the user to
http://211.170.97.202:5801/%73%65%63%75%72%69%74%79/%69%6E%64%65%78%2E%68%74%6D





(Embedded image moved to file: pic18757.gif)


tc





-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

Current thread:

Fake ebay password stealer tom (Oct 03)
- Re: Fake ebay password stealer Benjamin M.A. Robson (Oct 03)
- Re: Fake ebay password stealer Sebastian Niehaus (Oct 04)