[OT] [plug] Just got a real nice bit of spam
Mike Holland
myk at plug.linux.org.au
Tue Mar 18 10:33:17 WST 2003
Interesting. Its simultaneously crude and sophisticated. There are some
really obvious errors which suggest a dumb script-kiddie type has
modified this for the commonwealth bank.
> > From: "admins at commonwealthbank.com"<admins at commonwealthbank.com>
Wrong commonwealth bank! They could have easily used the correct address.
> > Date: Mon, 17 Mar 2003 18:45:30 +0300
Hmmm ... I suspect that is correct. Russia.
Or, there are a few others, including, wait for it, ... Iraq!
> > Content-Type: text/plain; charset="Windows-1251"
OK, so they are Russian. Or at least cyrillic.
> > frequently fraud transactions and to keep your
With lots of bad english.
> > website at <ahref="http://64.46.113.74/netbank/bankmain.htm">https://www2.netbank.commbank.com.au/netbank/bankmain.htm</a>
Hey Bill, that wasnt genuine. Not if the dupe clicks on it.
> > <FORM METHOD="POST" ACTION="http://64.46.113.74/netbank/load.php">
> > To review your statement, log into your NetBank
> > account and click the eStatements & eNotices button
Does CBA use those terms?
> > please send us a Bank Mail or call us at
> > 1-888-BKONWEB (256-6932).
Theres the giveaway. The script-kiddie did a rather crude hack to modify
it. I'll bet there are lots of versions floating about for different
banks.
Remember the guys who made a fake ATM facade, and put it in front of a
real ATM on a weekend? It captured everybody's card details and PINs, so
they could clone the cards and milk the accounts. So much trouble compared
to the software approach. Whats it going to take before the banks use
smart-cards, with challenge-response authentication?
--
Ask not for whom the telephone bell tolls...
if thou art in the bathtub, it tolls for thee.
More information about the plug
mailing list