Good deed done for the day :)
Matt
Matthew Bramble wrote:
The payload on this goes to a site that pops up a window using Zap The Ding Bat URL obfuscation to make the URL look like it is the real Citibank site. Very dangerous and because it's being redirected on that site, you can't catch the technique in the E-mail.
I contacted the hosting provider as a community service.
Matt
John Tolmachoff (Lists) wrote:
I wonder how many people will actually fall for this:
--=_579b51922d72e436946615fa16088dbb Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit
--=_579b51922d72e436946615fa16088dbb Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable
<body bgcolor=3D"#FFFFFF" text=3D"#000000"> <DIV>Dear Citibank Member,</DIV=
<DIV><BR>This email was sent by the Citibank server to verify your E-mail<B=
R>address. You must complete this process by clicking on the link<BR>below =
and entering in the small window your Citibank ATM/Debit<BR>Card number and=
PIN that you use on ATM.<BR>This is done for your protection -- because so=
me of our members<BR>no longer have access to their email addresses and we =
must<BR>verify it.</DIV>
<DIV><BR>To verify your E-mail address and access your bank account,<BR>cli=
ck on the link below:</DIV>
<DIV><BR><A href=3D"http://65.246.58.14/baluci/scripts/email_verify.htm";>ht=
tps://web.da-us.citibank.com/signin/citifi/scripts/email_verify.jsp</A></DI=
V> <DIV><BR>-----------------------------</DIV> <DIV>Thank you for using Citibank</DIV> <DIV>-----------------------------</DIV> </body> --=_579b51922d72e436946615fa16088dbb--
John Tolmachoff Engineer/Consultant/Owner eServices For You
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
