Full Disclosure mailing list archives

Re: 3 new MS patches next week... but none fix 0x01!

From: "Ray P" <sixsigma98 () hotmail com>
Date: Sun, 11 Jan 2004 04:37:23 +0000

It seems the site is still up. Clicking the link from an Outlook Expressmessage that had been forwarded to me is what screwed it up. Pasting thelink into IE took me right there.

Ray

From: "Mary Landesman" <mlande () bellsouth net>

To: "J G" <sixsigma98 () hotmail com>, <nick () virus-l demon co uk>,<full-disclosure () lists netsys com>Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix0x01!

Date: Sat, 10 Jan 2004 23:20:09 -0500

Sorry...should have included that. The subject is: Important Fraud Alert
from Citibank

-- Mary

----- Original Message -----
From: "J G" <sixsigma98 () hotmail com>
To: <mlande () bellsouth net>; <nick () virus-l demon co uk>;
<full-disclosure () lists netsys com>
Sent: Saturday, January 10, 2004 9:10 PM
Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix
0x01!


Hi Mary,

What's the subject of the Citibank email you just received? I'd like to
block it on our SMTP gateways.

Thanks,

Ray

>From: "Mary Landesman" <mlande () bellsouth net>
>To: <nick () virus-l demon co uk>, <full-disclosure () lists netsys com>
>Subject: Re: [Full-disclosure] 3 new MS patches next week... but none fix
>0x01!
>Date: Sat, 10 Jan 2004 20:26:20 -0500
>

>There now seems to be an active Citibank phishing email exploiting the0x01

>vulnerability. The message states in part:
>------------------------
>On January 10th 2004 Citibank had to block some accounts in our system
>connected with money laundering, credit card fraud, terrorism and check
>fraud activity. The information in regards to those accounts has been
>passed
>to our correspondent banks, local, federal and international authorities.
>
>Due to our extensive database operations some accounts may have been
>changed. We are asking our customers to check their checking and savings
>accounts if they are active or if their current balance is correct.
>
>Citibank notifies all it's customers in cases of high fraud or criminal
>activity and asks you to check your account's balances. If you suspect or

>have found any fraud activity on your account please let us know bylogging

>in at the link below.
>------------------------
>
>The link is a button. When clicked, it takes the user to an address that
>"seems" to be citibank.com. Instead it is really

>http://211.239.150.170/login/login.htm. I've just received a copy of itand

>verified that the site is still active.
>
>The IP resolves to:
>
>[ ISP Organization Information ]
>Org Name      : Enterprise Networks
>Service Name  : ENTERPRISENET
>Org Address   : GNG IDC B/D, 343-1 Yhatap-dong, Pundang-gu, Seongnam
>
>[ ISP IP Admin Contact Information ]
>Name          : Hyo-Sun, Chang
>Phone         : +82-2-2105-6082
>Fax           : +82-2-2105-6100
>E-Mail        : ip () epnetworks co kr
>
>[ ISP IP Tech Contact Information ]
>Name          : IP
>Phone         : +82-2-2105-6016
>Fax           : +82-2-2105-6100
>E-mail        : ip () epnetworks co kr
>
>[ ISP Network Abuse Contact Information ]
>Name          : Postmaster
>Phone         : +82-2-2105-6075
>Fax           : +82-2-2105-6100
>E-mail        : abuse () epnetworks co kr
>
>Regards,
>Mary Landesman
>Antivirus About.com Guide
>http://antivirus.about.com
>
>
>----- Original Message -----
>From: "Nick FitzGerald" asked:
>
> > OK -- is HSBC bank a large enough client of Microsoft's??
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html

_________________________________________________________________
Learn how to choose, serve, and enjoy wine at Wine @ MSN.
http://wine.msn.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_________________________________________________________________

Let the new MSN Premium Internet Software make the most of your high-speedexperience. http://join.msn.com/?pgmarket=en-us&page=byoa/prem&ST=1


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: 3 new MS patches next week... but none fix 0x01! Exibar (Jan 09)
- <Possible follow-ups>
- RE: 3 new MS patches next week... but none fix 0x01! tlarholm (Jan 09)
- Re: 3 new MS patches next week... but none fix 0x01! J G (Jan 10)
  - RE: 3 new MS patches next week... but none fix 0x01! David Bartholomew (Jan 10)
    - re: Citibank phishing email Jim Race (Jan 10)
    - RE: [inbox] RE: 3 new MS patches next week... Exibar (Jan 11)
    - RE: 3 new MS patches next week... Can Erkin Acar (Jan 12)
  - Re: 3 new MS patches next week... but none fix 0x01! Mary Landesman (Jan 10)
- Re: 3 new MS patches next week... but none fix 0x01! Ray P (Jan 10)
- RE: 3 new MS patches next week... but none fix 0x01! Paul Szabo (Jan 10)
  - RE: 3 new MS patches next week... but none fix 0x01! David Bartholomew (Jan 11)