I want to hide one of my drives in our system. What is the
procedure? If there is any software, please send it and tell me.

On 5/31/10, Sandeep Thakur <[email protected]> wrote:
> As I said earlier, below is a latest phishing attack based on ICICI bank.
> If you go through the original email headers, you will know how intelligently
> the users are tricked into clicking on these links.
>
> Additionally, with regard to the similar kind of issue with Facebook, I heard
> that the static.ak.fbcdn.net domain belongs to Facebook and that any links
> from this domain cannot be an issue. But what does Facebook want to prove
> by constructing the messages in this attacking way?
>
>
> Regards
> Sandeep Thakur
>
> ===============================================================
>
> Delivered-To: [email protected]
> Received: by 10.141.37.16 with SMTP id p16cs163075rvj;
>         Fri, 28 May 2010 09:34:44 -0700 (PDT)
> Received: by 10.227.145.83 with SMTP id c19mr456140wbv.228.1275064482760;
>         Fri, 28 May 2010 09:34:42 -0700 (PDT)
> Return-Path: <[email protected]>
> Received: from sniim-s.saratov.ru ([217.65.209.86])
>         by mx.google.com with ESMTP id
> a21si7308408wba.92.2010.05.28.09.34.31;
>         Fri, 28 May 2010 09:34:42 -0700 (PDT)
> Received-SPF: fail (google.com: domain of [email protected] does
> not designate 217.65.209.86 as permitted sender) client-ip=217.65.209.86;
> Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of
> [email protected] does not designate 217.65.209.86 as permitted
> sender) [email protected]
> Received: from User (unknown [41.138.164.112])
> by sniim-s.saratov.ru (Postfix) with ESMTP id 090371269A6;
> Fri, 28 May 2010 20:33:56 +0400 (MSD)
> From: "ICICI BANK"<[email protected]>
> Subject: Information Regarding Your Account!
> Date: Fri, 28 May 2010 09:34:18 -0700
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> boundary="----=_NextPart_000_001D_01C2A9A6.60566ED6"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> X-Antivirus: avast! (VPS 100528-0, 05/27/2010), Outbound message
> X-Antivirus-Status: Clean
> Message-Id: <[email protected]>
> To: undisclosed-recipients:;
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_001D_01C2A9A6.60566ED6
> Content-Type: text/html;
> charset="Windows-1251"
> Content-Transfer-Encoding: 7bit
>
> <div id="yiv89565766"><div align="center"><img src="
> http://www.ijest.info/images/icici-bank-logo.jpg"; border="0" height="55"
> width="260"><br>
> &nbsp;
>
>
> <div align="center">
> With the new VeriSign secure service.<br>
> <br>
> You can now enjoy flexibility and more secured services<br>
> <br>
> Click below to visit your account page<br>
>
> <br>
>
> &nbsp;<table style="" id="ecxtable1" bgcolor="#fffecd" height="25"
> width="295">
> <tbody><tr>
> <td align="center"><b><font face="Arial" size="2">
>
> <a rel="nofollow" target="_blank" href="
> http://infinity.icicibank.co.in.inging.in/icici/indexx.html";>
> <span class="ecxyshortcuts" id="ecxlw_1243015215_0"><font
> color="#ff9900">CLICH HERE TO
>
> LOGIN TO YOUR ACCOUNT</font></span><font color="#ff9900">
> </font></a></font></b></td>
>
> </tr>
>
> </tbody></table>
> <address>
> &nbsp;</address>
> <hr></div>
> <div style="overflow: visible; visibility: visible;"
> id="ecxmessage1850487487" class="ecxundoreset ecxclearfix"><div
> id="ecxyiv530294246">
>
> <div id="ecxyiv2092694417">
> <p align="center"><font face="Times New Roman" size="2">
> <span style="background-color: rgb(255, 255, 255);">ICICI ® Bank <font
> size="3">apologizes for
>
> any
>
> inconvenience arising from this action.</font> </span></font></p>
>
> <p align="center"><font face="Times New Roman" size="2">
> <span style="background-color: rgb(255, 255, 255);">Thank you for using
> ICICI ®
>
> Bank.<br></span></font>
>         <font size="2">© <span style="cursor: pointer;"
> class="ecxyshortcuts" id="ecxlw_1260090494_0">ICICI
>
> India</span>. All
>
> rights reserved.</font></p>
> <p align="center">
>
> <span style="background-color: rgb(255, 255, 255);"><font face="Times New
> Roman" size="2">I</font></span><span id="ecxz2"><font face="Times New Roman"
> size="1"><span style="background-color: rgb(255, 255, 255);">nformation on
>
> protecting yourself from
>
> fraud, please
> review the Security Tips in our Security&nbsp; Center.</span>
>
>
>     </font></span></p></div>
> ========================================================
>
> Regards
> Sandeep Thakur
>
> On Tue, May 25, 2010 at 8:57 PM, Sadguru Thakur
> <[email protected]> wrote:
>
>> Hi
>>
>> There were two places to be noted in the email headers.
>>
>> <img src="http://static.ak.fbcdn.net/rsrc.php/z5HB7/hash/ecyu2wwn.gif";
>> alt="Facebook" style="border: 0; width:50px; " />
>>
>>  <a href="http://profibrosis.org/participants.html"; style="color: #3b5998;
>> text-decoration: none;">
>> http://www.facebook.com/n/?inbox/readmessage.php&t=1896555548701&mid=e57eb542edf6134cc3d131c422355f97&n_m=facebookteam</a>
>>
>> I think the way the scripts are constructed itself tells a lot about
>> vulnerabilities and exploitation. Are these GIF and HTML files regular
>> ones or malformed/infected ones? It involves runtime system and code
>> analysis; only then can we come to some conclusion. Also, for everyone's
>> information, I have seen a lot of phishing attack types with a similar type
>> of content construction but with famous banking companies.
>>
>> Did you happen to do some research on this, Naik? This still needs to be
>> researched for more information.
>>
>>
>> Regards
>> Amar Deep
>>
>>
>> On Tue, May 25, 2010 at 8:00 PM, Srinivas Naik
>> <[email protected]> wrote:
>>
>>> This is really going crazy over the Internet, and has got many victims.
>>>
>>> It's good that this script doesn't have any evasion techniques involved in
>>> it. So, there is scope for an IDS to detect it.
>>>
>>> Regards,
>>> Srinivas Naik
>>>
>>>
>>> On Tue, May 25, 2010 at 2:59 PM, Sandeep Thakur
>>> <[email protected]> wrote:
>>>
>>>> Did anyone get a chance to go through the below? Let me add a few more
>>>> details for your research. The below mail headers show examples of CSRF
>>>> and XSS attacks. Please go through all IMG-related tags, then you will know.
>>>> Probably this can help you study the subject (How Facebook Can Be
>>>> Compromised/Impersonated). Also, this will throw some light on the issue
>>>> of how rogue applications like beach babes are impacting users, posted today.
>>>>
>>>>
>>>> Regards
>>>> Sandeep Thakur
>>>>
>>>>
>>>> On Fri, May 21, 2010 at 2:57 AM, Sandeep Thakur
>>>> <[email protected]> wrote:
>>>>
>>>>> Let you know how you have to check this, in fact.... you have to
>>>>> check the original email with all headers. Given below is the original
>>>>> email with headers for everyone's reference:
>>>>>
>>>>> -------------
>>>>>
>>>>> Delivered-To: [email protected]
>>>>> Received: by 10.141.37.16 with SMTP id p16cs192037rvj;
>>>>>         Sat, 15 May 2010 21:54:13 -0700 (PDT)
>>>>> Received: by 10.141.187.9 with SMTP id
>>>>> o9mr2331623rvp.211.1273985653009;
>>>>>         Sat, 15 May 2010 21:54:13 -0700 (PDT)
>>>>> Return-Path: <[email protected]>
>>>>> Received: from www.bagcrafters.com ([74.208.166.151])
>>>>>         by mx.google.com with SMTP id
>>>>> t1si9872196rvl.76.2010.05.15.21.54.12;
>>>>>         Sat, 15 May 2010 21:54:12 -0700 (PDT)
>>>>> Received-SPF: neutral (google.com: 74.208.166.151 is neither permitted
>>>>> nor denied by best guess record for domain of [email protected])
>>>>> client-ip=74.208.166.151;
>>>>> Authentication-Results: mx.google.com; spf=neutral (google.com:
>>>>> 74.208.166.151 is neither permitted nor denied by best guess record for
>>>>> domain of [email protected]) [email protected]
>>>>> Date: Sun, 16 May 2010 00:46:01 +0400
>>>>> To: <[email protected]>
>>>>> From: Facebook <[email protected]
>>>>> <notification%[email protected]>>
>>>>> Reply-to: noreply <[email protected]>
>>>>> Subject: Facebook Support sent you a message on Facebook...
>>>>> Message-ID: <[email protected]>
>>>>> X-Priority: 3
>>>>> X-Mailer: ZuckMail [version 1.00]
>>>>> X-Facebook-Notify: msg; from=124112171639398; t=151694426525;
>>>>> mailid=CA2DDD7Da65B9F6Ab114Cb01d4e0Ce
>>>>> Errors-To: [email protected]
>>>>> <notification%[email protected]>
>>>>> X-FACEBOOK-PRIORITY: 0
>>>>> MIME-Version: 1.0
>>>>> Content-Type: text/html; charset = "UTF-8"
>>>>> Content-Transfer-Encoding: 7bit
>>>>>
>>>>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional //EN">
>>>>> <html><head><meta http-equiv="Content-Type" content="text/html;
>>>>> charset=utf-8"><title>Facebook</title></head><body style="margin: 0;
>>>>> padding: 0;" dir="ltr"><table width="98%" border="0" cellspacing="0"
>>>>> cellpadding="40"><tr><td bgcolor="#f7f7f7" width="100%"
>>>>> style="font-family: lucida grande, tahoma, verdana, arial,
>>>>> sans-serif;"><table cellpadding="0" cellspacing="0" border="0"
>>>>> width="620"><tr><td style="background: #3b5998; color: #fff;
>>>>> font-weight: bold; font-family: lucida grande, tahoma, verdana, arial,
>>>>> sans-serif; padding: 4px 8px; vertical-align: middle; font-size: 16px;
>>>>> letter-spacing: -0.03em; text-align: left;">facebook</td></tr><tr><td
>>>>> style="background-color: #fff; border-bottom: 1px solid #3b5998;
>>>>> border-left: 1px solid #ccc; border-right: 1px solid #ccc;font-family:
>>>>> lucida grande, tahoma, verdana, arial, sans-serif; padding: 15px;"
>>>>> valign="top"><table width="100%"><tr><td width="100%" style="font-size:
>>>>> 12px;" valign="top" align="left"><div style="margin-bottom: 15px;"><a
>>>>> href="http://www.facebook.com";>Facebook</a> sent you a
>>>>> message.</div><div style="margin-bottom: 15px;"><table cellpadding="0"
>>>>> cellspacing="0" style="width: 90%; font-size: 12px;"><tr><td
>>>>> colspan="2" style="border-top:1px solid #cfd7e4;"></td></tr><tr><td
>>>>> valign="top" style="padding: 7px 7px 7px 0px; width: 57px;"><a
>>>>> href="http://www.facebook.com";><img
>>>>> src="http://static.ak.fbcdn.net/rsrc.php/z5HB7/hash/ecyu2wwn.gif";
>>>>> alt="Facebook" style="border: 0; width:50px; " /></a></td><td
>>>>> valign="top" align="left" style="padding: 7px 0px;"><div
>>>>> style="padding-bottom: 7px;"><a style="font-weight: bold;"
>>>>> href="http://www.facebook.com";>Facebook</a><span style="padding-left:
>>>>> 7px; color: #888;"> </span></div><div style="padding-bottom:
>>>>> 7px;">Subject: Important information</div><div style="padding-bottom:
>>>>> 7px;"> </div></td></tr><tr><td colspan="2" style="border-top:1px solid
>>>>> #cfd7e4;"></td></tr></table></div></td></tr></table><div
>>>>> style="padding-top: 15px;"><table width="100%" cellspacing="0"
>>>>> cellpadding="0"><tr><td style="background-color: #FFF8CC; border: 1px
>>>>> solid #FFE222; color: #333; padding: 10px; font-size: 11px;"><div
>>>>> style="font-weight: bold; margin-bottom: 2px;">To read this message,
>>>>> follow the link below:</div><a
>>>>> href="http://profibrosis.org/participants.html"; style="color: #3b5998;
>>>>> text-decoration:
>>>>> none;">http://www.facebook.com/n/?inbox/readmessage.php&t=1896555548701&mid=e57eb542edf6134cc3d131c422355f97&n_m=facebook
>>>>> team</a></td></tr></table></div></td></tr><tr><td style="color: #999;
>>>>> padding: 10px; font-size: 11px; font-family: lucida grande, tahoma,
>>>>> verdana, arial, sans-serif;">This message was intended for you. If you
>>>>> do not wish to receive this type of email from Facebook in the future,
>>>>> please click on the link below to unsubscribe.
>>>>>
>>>>>
>>>>>
>>>>> http://www.facebook.com/o.php?k=5b6f4f&u=1424721642895&mid=6debdc83342b2e8d5d2e0c10ec2db015
>>>>>
>>>>>
>>>>> Facebook`s offices are located at 1601 S. California Ave., Palo Alto,
>>>>> CA 94304.</td></tr></table></td></tr></table></body></html>
>>>>>
>>>>>
>>>>>
>>>>> -------------
>>>>>
>>>>> Regards
>>>>> Sandeep Thakur
>>>>>
>>>>>
>>>>> On Thu, May 20, 2010 at 2:17 PM, Sandeep Thakur
>>>>> <[email protected]> wrote:
>>>>>
>>>>>> In addition to the mail sent with subject "Facebook Password Reset
>>>>>> Scam By Macfee" by Amardeep last day, I would like to share one such
>>>>>> real spam mail with you all. Can anyone point out where in the code the
>>>>>> problem is...
>>>>>> a perfect XSS example though....  I have given you a hint, rather...
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>> Sandeep Thakur
>>>>>>
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> From: Facebook
>>>>>> <[email protected]<notification%[email protected]>
>>>>>> >
>>>>>> Date: Sat, May 15, 2010 at 1:46 PM
>>>>>> Subject: Facebook Support sent you a message on Facebook...
>>>>>> To: [email protected]
>>>>>>
>>>>>>
>>>>>>     facebook
>>>>>> Facebook sent you a message.
>>>>>>    [image: Facebook]
>>>>>> Facebook
>>>>>> Subject: Important information
>>>>>>     To read this message, follow the link below:
>>>>>> http://www.facebook.com/n/?inbox/readmessage.php&t=1896555548701&mid=e57eb542edf6134cc3d131c422355f97&n_m=facebook
>>>>>> team
>>>>>>  This message was intended for you. If you do not wish to receive this
>>>>>> type of email from Facebook in the future, please click on the link
>>>>>> below to
>>>>>> unsubscribe.
>>>>>> http://www.facebook.com/o.php?k=5b6f4f&u=1424721642895&mid=6debdc83342b2e8d5d2e0c10ec2db015
>>>>>> Facebook`s offices are located at 1601 S. California Ave., Palo Alto, CA
>>>>>> 94304.
>>>>>>
>>>>>>
>>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups
>>>> "nforceit" group.
>>>> To post to this group, send an email to [email protected].
>>>> To unsubscribe from this group, send email to
>>>> [email protected]<nforceit%[email protected]>
>>>> .
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/nforceit?hl=en-GB.
>>>>
>>>
>>
>
