Security Incidents mailing list archives

RE: Red Cross Fraud


From: "Brian Morin" <brian () brightblade org>
Date: Sun, 16 Sep 2001 18:45:48 -0500

Now it might, but perhaps at the time it was pointing to something else.
Someone probably shut this down PDQ.

-- Brian Morin

: -----Original Message-----
: From: Akatosh [mailto:akatosh () rains net] 
: Sent: Sunday, September 16, 2001 13:33
: To: Firehose
: Cc: incidents () securityfocus com
: Subject: Re: Red Cross Fraud
: 
: 
: 
: Maybe I'm missing something, but what is fraudulent about
: this? The URLs appear to redirect to the real websites.
: 
: [akatosh@hope akatosh]$ wget -q -O index1.html "http://RedCross.ym0.net/re3.asp?C=29905&P=68339&E=1113263"
: [akatosh@hope akatosh]$ wget -q -O index2.html "http://www.redcross.org"
: [akatosh@hope akatosh]$ diff -s index1.html index2.html
: Files index1.html and index2.html are identical
: [akatosh@hope akatosh]$
: 
: They don't even throw a banner ad at you before they redirect.
: 
: On Sat, 15 Sep 2001, Firehose wrote:
: 
: > This criminal fraud originated from IP 64.37.207.81.
: >
: > I changed ".com" to ".Zcom" (except for my own email address) and 
: > ".net" to ".Znet" to protect any of you running vulnerable mail 
: > readers.
: >
: > Spread the word that there will be others doing this (with different
: > IPs and URLs).  Sigh.
: >
: > Thanks,
: >
: > Bob Toxen, CTO
: > Fly-By-Day Consulting, Inc.       "Experts in Linux & Unix security"
: > bob () cavu com
: > hose () cavu com [bulk security email]
: > http://www.cavu.com
: > http://www.realworldlinuxsecurity.com/ [My 5* book: Real World Linux
: > Security] Quality Linux & UNIX security and software consulting since
: > 1990.
: > -------------------- criminally fraudulent email follows ----------------
: > Date: Sat, 15 Sep 2001 04:26:17 -0500
: > To: [CENSORED]
: > From: "YesMail" <subs () my yesmail Zcom>
: > Errors-To: subs () my yesmail Zcom
: > Bounces_To: subs () my yesmail Zcom
: > Subject: Resources for Helping Victims of Tuesday's Tragedies
: >
: > <img src="x.gif" width=1 height=1 alt=" 
: > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
: > *                                               *
: > * IF YOU CAN READ THIS, YOUR EMAIL PROGRAM      *
: > * IS TEXT-BASED AND CANNOT READ HTML MESSAGES   *
: > *                                               *
: > * THE TEXT VERSION IS BELOW. PLEASE ACCEPT      *
: > * OUR APOLOGY FOR SENDING AN HTML MESSAGE.      *
: > *                                               *
: > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
: >
: > ------------------------------------------------------------------------
: > This message is brought to you by MyStartingPoint and YesMail.
: > We appreciate your membership.  To modify your member profile,
: > please see Member Services below.
: > ------------------------------------------------------------------------
: >
: > The Tuesday morning tragedies in New York and Washington resulted in a
: > significant number of injuries and deaths leaving millions of
: > Americans searching for ways to help. Numerous federal and local
: > agencies along with private organizations are seeking assistance from
: > the public. In a voluntary corporate effort, YesMail offers the
: > following information as a resource for helping victims.
: >
: > To Give Blood:
: > American Red Cross  1-800-GIVE LIFE 
: > http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263
: >
: > New York Blood Center  1-800-933-BLOOD 
: > http://NYBloodCtr.ym0.Znet/re3.asp?C=29905&P=68340&E=1113263
: >
: >
: > To Make Financial Contributions:
: > American Red Cross  1-800-HELP-NOW 
: > http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263
: >
: > United Way  1-212-251-4035 
: > http://UnitedWay.ym0.Znet/re3.asp?C=29905&P=68341&E=1113263
: >
: > Salvation Army  1-800-SAL-ARMY 
: > http://SalvArmy.ym0.Znet/re3.asp?C=29905&P=68342&E=1113263
: >
: >
: > To Volunteer Services (New York):
: > FEMA World Trade Center Relief  1-800-801-8092
: >
: >
: > ------------------------------------------------------------------------
: > Please visit the above Web site to verify offer availability outside the United States.
: > ------------------------------------------------------------------------
: > *MEMBER SERVICES*
: > To modify your YesMail account or add interest categories visit
: > http://my.yesmail.Zcom/default.asp?UID=1113263&SUBC=29aw56ab3o.
: > To learn more about yesmail.Zcom, visit http://www.yesmail.Zcom or
: > write us at 222 S. Riverside Plaza 17th Floor, Chicago, IL 60606.
: > To unsubscribe from YesMail, click
: > http://my.yesmail.Zcom/mymoptout.asp?PID=29905&SUBC=29aw56ab3o&UID=1113263
: > or send an email to subs () my yesmail Zcom with the word
: > unsubscribe in the subject line.
: > ------------------------------------------------------------------------
: >
: > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
: > THIS IS THE END OF YOUR EMAIL MESSAGE.
: > Your email program is text-based and cannot read
: > HTML messages. Please ignore the HTML code below. 
: > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
: >
: >
: >
: >
: >
: >
: >
: >
: > ">
: > <html>
: >
: > <head>
: >
: > <title>information</title>
: >
: > <meta http-equiv="Content-Type" content="text/html; 
: > charset=iso-8859-1">
: >
: > </head>
: >
: >
: >
: > <body bgcolor="#FFFFFF" text="#000000">
: >
: > <table cellpadding=0 cellspacing=0 border=0 width=400>
: > <tr>
: > <td bgcolor="#ffffff"><FONT face=Arial size=-2>This
: > message is brought to you by MyStartingPoint and YesMail.  We
: > appreciate your membership. <br>To modify your member profile, please
: > see "Member Services" below.</FONT><BR> <HR align=left
: > width=400></td></tr></table> <p>
: >
: >
: >
: > <table width="530" border="0" cellspacing="0" cellpadding="0">
: >
: >   <tr>
: >
: >     <td align="left" valign="top"><font face="Arial, Helvetica, sans-serif" size="2" color="#000000">The
: >
: >       Tuesday morning tragedies in New York and Washington resulted in a significant
: >
: >       number of injuries and deaths leaving millions of Americans searching for
: >
: >       ways to help. Numerous federal and local agencies along with private organizations
: >
: >       are seeking assistance from the public. In a voluntary corporate effort,
: >
: >       YesMail offers the following information as a resource for helping victims.<br>
: >
: >       <br>
: >
: >       <b><font size="3">To Give Blood:</font></b><br><img src="http://media.ym0.Znet/spacer.gif" width=15">
: >
: >       <a href="http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263">American Red Cross</a> 1-800-GIVE LIFE<br><img src="http://media.ym0.Znet/spacer.gif" width=15">
: >
: >       <a href="http://NYBloodCtr.ym0.Znet/re3.asp?C=29905&P=68340&E=1113263">New York Blood Center</a> 1-800-933-BLOOD
: >
: >       <br>
: >
: >       <br>
: >
: >       <font size="3"><b>To Make Financial Contributions: </b></font><br><img src="http://media.ym0.Znet/spacer.gif" width=15">
: >
: >       <a href="http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263">American Red Cross</a> 1-800-HELP-NOW <br><img src="http://media.ym0.Znet/spacer.gif" width=15">
: >
: >       <a href="http://UnitedWay.ym0.Znet/re3.asp?C=29905&P=68341&E=1113263">United Way</a> 1-212-251-4035 <br><img src="http://media.ym0.Znet/spacer.gif" width=15">
: >
: >       <a href="http://SalvArmy.ym0.Znet/re3.asp?C=29905&P=68342&E=1113263">Salvation Army</a> 1-800-SAL-ARMY
: >
: >       <br>
: >
: >       <br>
: >
: >       <b><font size="3">To Volunteer Services (New York):</font></b><br><img src="http://media.ym0.Znet/spacer.gif" width=15">
: >
: >       FEMA World Trade Center Relief 1-800-801-8092 </font></td>
: >
: >   </tr>
: >
: > </table>
: >
: > <img src = "http://YesMail.ym0.Znet/re3.asp?C=29905&P=68347&E=1113263" border=0 >
: >
: >
: >
: > <p>
: > <TABLE bgColor=#ffffff border=0 cellPadding=0 cellSpacing=2 width=600>
: > <TR> <td colspan=2 bgcolor=#ffffff><FONT face=arial size=-2 color="#000000">Please visit the above Web site to verify offer availability outside the United States.</FONT><HR></td> </tr>
: > <tr>
: > <td bgcolor=#ffffff><img src="http://media.ym0.Znet/yesmail/member.gif" border=0 align=left></td>
: > <td bgcolor=#ffffff><font face=arial size=-2 color=#000000>To modify your MyYesMail account or add interest categories
: > visit <a href="http://my.yesmail.Zcom/default.asp?uid=1113263&subc=29aw56ab3o">http://my.yesmail.Zcom</a>. To learn more about YesMail, visit <A
: > href="http://www.yesmail.Zcom">http://www.yesmail.Zcom</A> or write us at 222 S. Riverside Plaza 17th Floor, Chicago, IL 60606. To
: > unsubscribe from YesMail, click <A href="http://my.yesmail.Zcom/mymoptout.asp?PID=29905&SUBC=29aw56ab3o&UID=1113263">here</A> or send an email to <A
: > href="mailto:subs () my yesmail Zcom">subs () my yesmail Zcom</A> with the word
: > "unsubscribe" in the subject line.</font></td></tr>
: > </table>
: > <hr>
: >
: >
: > </body>
: >
: > </html>
: >
: > ----------------------------------------------------------------------------
: > This list is provided by the SecurityFocus ARIS analyzer service.
: > For more information on this free incident handling, management
: > and tracking system please see: http://aris.securityfocus.com
: >
: >
: 
: -- 
: Edward Fahner
: Systems Administrator, Planet Communications Network 
: (540)442-6677 x222 [aka. Akatosh  .CU.Au, akatosh () rains net] 
: DC2.DwGmL--WT--SksCre+\Cvi+BflA(+r-v+++)N^MH+$-Fj~R+Ac+++!J+S+
: U-I--#V+++Q+Tc++
: 
: 
: 
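
The fetch-and-diff check in the quoted message shows only where the redirector points at the moment of the fetch. A static pass over the mail body does not depend on the redirector's current state. The following is an added example, not code from anyone in this thread; the function and field names are hypothetical, the sample markup is constructed from the quoted mail, and the last-two-labels domain split is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample: three elements taken from the quoted HTML mail, keeping
# the poster's ".Znet" munging so none of them is a live link.
SAMPLE_HTML = '''
<a href="http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263">American Red Cross</a>
<a href="http://UnitedWay.ym0.Znet/re3.asp?C=29905&P=68341&E=1113263">United Way</a>
<img src="http://YesMail.ym0.Znet/re3.asp?C=29905&P=68347&E=1113263" border=0>
'''

class LinkCollector(HTMLParser):
    """Collect (kind, url, visible_text) for each <a href> and <img src>."""
    def __init__(self):
        super().__init__()
        self.items, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "img" and attrs.get("src"):
            self.items.append(("img", attrs["src"], ""))
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.items.append(("a", self._href, "".join(self._text).strip()))
            self._href = None

def triage(html):
    """Return one finding per link or remote image in an HTML mail body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for kind, url, text in parser.items:
        u = urlsplit(url)
        labels = (u.hostname or "").split(".")
        squashed = re.sub(r"[^a-z0-9]", "", text.lower())
        findings.append({
            "kind": kind, "host": u.hostname,
            "base": ".".join(labels[-2:]),  # naive registrable domain (assumption: no public-suffix list)
            # Organisation named in the leftmost label of somebody else's domain.
            "brand_in_subdomain": kind == "a" and len(labels) > 2 and labels[0] in squashed,
            "recipient_id": parse_qs(u.query).get("E", [None])[0],  # E matches UID in the mail's own links
            "remote_image_beacon": kind == "img" and bool(u.query),  # fetched when the mail is opened
        })
    return findings
```
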



