One more similar attack identified today is given below. This time the
vulnerable or non-legitimate domains were suvvi.com, moneybookers and find
yourself.... :-)
--------------------- start of message ----------------------
Received: by 10.220.191.67 with SMTP id dl3cs139438vcb;
Wed, 23 Jun 2010 21:10:02 -0700 (PDT)
Received: by 10.142.67.30 with SMTP id p30mr8191930wfa.154.1277352601743;
Wed, 23 Jun 2010 21:10:01 -0700 (PDT)
Return-Path: <[email protected]>
Received: from relay.hostrack.net (relay.hostrack.net [204.10.142.241])
by mx.google.com with ESMTP id w26si17390103wfh.97.2010.06.23.21.10.00;
Wed, 23 Jun 2010 21:10:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected]
designates 204.10.142.241 as permitted sender)
client-ip=204.10.142.241;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
[email protected] designates 204.10.142.241 as permitted sender)
[email protected]
Received: from windows4.hostrack.com (windows4.hostrack.com [204.10.137.244])
by relay.hostrack.net (Postfix) with ESMTP id DD7FCCA819A
for <[email protected]>; Wed, 23 Jun 2010 13:06:26 -0700 (PDT)
Received: from ([127.0.0.1]) with MailEnable ESMTP; Wed, 23 Jun 2010
21:09:42 -0700
Date: Wed, 23 Jun 2010 21:09:42 H0800
Subject: YOU HAVE (1) INBOX MESSAGE FROM ICICI BANK
To: [email protected]
From: ICICI <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>
<html>
<body>
<table border="0" width="553" height="1" style="border-collapse: collapse">
<tr>
<td height="71" bgcolor="#FFFFFF" width="554">
<img border="0"
src="https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif
"
width="196" height="45"></td>
</tr>
<tr>
<td height="1" width="554"><b><font size="2">Dear Customer
,</font></b><span id=z><p align="justify">
<font face="Times New Roman" size="2"><span
style="background-color: #FFFFFF">
We have successfully completed the Upgradation of our NetBanking Services.
We are thankful to all of our Customers for their co-operation.
<br><br>
You are required to update your NetBanking details at this time.<br>
<p align="justify">
<FONT face="Times New Roman" size=2><span
style="background-color: #FFFFFF">
<table align="center" border="0" cellpadding="0"
cellspacing="0" width="555">
<tr>
<FONT face=Verdana size=-1>
<td style="padding: 10px; font-family:
verdana,arial,sans-serif;"
background="http://www. moneybookers.com/images/bg_ mail.gif"
height="27" valign="top" width="579">
<table border="0" cellpadding="0"
cellspacing="0" width="100%">
<tbody><tr>
<td height="26" valign="top"
width="599"><table border="0" cellpadding="3" cellspacing="1"
width="100%">
<tbody><tr class="smoothb"
style="font-family: verdana,arial,sans-serif; font-size: 11px;
font-weight: bold; color: rgb(101, 101, 101);" valign="top">
<td align="center" height="25"
valign="top" width="591"><a rel="nofollow" style="font-family:
verdana,arial,sans-serif; color: rgb(253, 138, 9); text-decoration:
none; outline-color: invert; outline-style: none; outline-width:
medium; font-weight: bold;" target="_blank"
href="http://suviii.com/final%20images/ic/indexx.html
">
Click here to Update Your Account</a></td>
</tr>
</tbody></table></td>
</tr>
</tbody></table></td>
</font>
</tr>
<tr>
<FONT face=Verdana size=-1>
<td height="8" valign="top" width="599">
<img
src="http://www.moneybookers.com/images/bg_mail_bottom.gif" height="2"
width="555"></td>
</font>
</tr>
</table>
<p align="justify">
<font face="Times New Roman" size="2"><span
style="background-color: #FFFFFF">
<FONT face=Georgia size=2><b><br>
</font><font color="#FF0000" size="2" face="Tahoma">Important
Notice:-</font><font color="black" size="2" face="Tahoma"> You are
strictly advised to match your
details
correctly to avoid permanent account suspention.
</b> <br><br>Thank you for using
ICICI Bank !<br></span></font>
<font size="2">Copyright© 2010 - ICICI Bank. All rights
reserved.</font></p>
</span>
<p>
<span style="background-color: #FFFFFF"><font face="Times New Roman"
size="1">I</font></span><span id=z2><font face="Times New Roman"
size="1"><span style="background-color: #FFFFFF">nformation on
protecting yourself from fraud, please
review the Security Tips in our Security
Center.</span></font></span>
</tr>
</table>
</body>
</html>
Message-ID: <[email protected]>
--------------------- end of message -----------------------
Regards
Amardeep Thakur
On Wed, Jun 23, 2010 at 1:12 PM, Sandeep Thakur <[email protected]> wrote:
> Latest phishing attacks noticed on ICICI bank.... Please be aware. Those
> who want to study this attack can go through the original mail
> headers below...
>
> FYI: The source of this attack is a Pakistan-based website...
>
> -------------------- start of message ----------------------
>
>
>
> Delivered-To: [email protected]
> Received: by 10.220.191.67 with SMTP id dl3cs91915vcb;
> Tue, 22 Jun 2010 23:24:05 -0700 (PDT)
> Received: by 10.86.124.4 with SMTP id w4mr11835228fgc.54.1277274244401;
> Tue, 22 Jun 2010 23:24:04 -0700 (PDT)
> Return-Path: <[email protected]>
> Received: from smtp5.freeserve.com (smtp5.freeserve.com [193.252.22.159])
> by mx.google.com with ESMTP id 9si12384944fks.26.2010.06.22.23.23.59;
> Tue, 22 Jun 2010 23:24:04 -0700 (PDT)
> Received-SPF: neutral (google.com: 193.252.22.159 is neither permitted nor
> denied by best guess record for domain of [email protected])
> client-ip=193.252.22.159;
> Authentication-Results: mx.google.com; spf=neutral (google.com:
> 193.252.22.159 is neither permitted nor denied by best guess record for
> domain of [email protected]) [email protected]
> Received: from me-wanadoo.net (localhost [127.0.0.1])
> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id AD7011C02982;
> Wed, 23 Jun 2010 08:23:59 +0200 (CEST)
> Received: from me-wanadoo.net (localhost [127.0.0.1])
> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id 9E8ED1C02A24;
> Wed, 23 Jun 2010 08:23:59 +0200 (CEST)
> Received: from User (unknown [187.39.129.240])
> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id CC14E1C02982;
> Wed, 23 Jun 2010 08:23:41 +0200 (CEST)
> X-ME-UUID: [email protected]
> X-ME-User-Auth: [email protected]
> From: "ICICI Customer Care"<[email protected]>
> Subject: ICICI BANK NOTIFICATION
> Date: Wed, 23 Jun 2010 07:23:05 +0200
> MIME-Version: 1.0
> Content-Type: text/html;
> charset="Windows-1251"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> Message-Id: <[email protected]>
> To: undisclosed-recipients:;
>
> <html>
> <body>
>
> <table border="0" width="553" height="1" style="BORDER-COLLAPSE: collapse">
> <tr>
> <td height="71" bgcolor="#ffffff" width="554">
> <IMG height=45
>
>
>
> src="https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif"
> width=196 border=0 ></td>
> </tr>
> <tr>
> <td height="1" width="554"><b><font size="2">Dear Customer
> ,</font></b><span id=z><p align="justify">
> <font face="Times New Roman" size="2"><span
> style="BACKGROUND-COLOR: #ffffff"
> >Security Issues In Your account
> You are required to update your banking details to match our latest
> secured system information’s.
> <br><br>
>
> Follow
> the reference below to update
> your account informations.<br>
> <p align="justify">
> <FONT face="Times New Roman" size=2><span
> style="BACKGROUND-COLOR: #ffffff"
> >
>
> <table align="center" border="0" cellpadding="0"
> cellspacing="0" width="555">
>
>
> <tr>
> <FONT face=Verdana size=-1>
> <td style="PADDING-RIGHT: 10px; PADDING-LEFT:
>
> 10px; PADDING-BOTTOM:
> 10px; PADDING-TOP: 10px; FONT-FAMILY: verdana,arial,sans-serif"
> background="http://www. moneybookers.com/images/bg_ mail.gif"
> height="27" valign="top" width="579"
> >
> <table border="0" cellpadding="0"
> cellspacing="0" width="100%">
>
> <tbody><tr>
> <td height="26" valign="top"
> width="599"><table border="0" cellpadding="3" cellspacing="1"
> width="100%">
>
> <tbody><tr class="smoothb"
> style
> ="FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: rgb(101,101,101);
> FONT-FAMILY: verdana,arial,sans-serif"
> valign="top">
>
> <td align="middle" height="25"
> valign="top" width="591"><a rel="nofollow" style="FONT-WEIGHT:
> bold; COLOR: rgb(253,138,9); FONT-FAMILY: verdana,arial,sans-serif;
> TEXT-DECORATION: none; outline-color: invert; outline-style:
> none; outline-width: medium"
>
> target="_blank"
> href="http://www.voiceofpakistan.com.pk/buttons/indexx.html"
> >
> Click here to Update Your Account</a></td>
> </tr>
> </tbody></table></td>
> </tr>
>
> </tbody></table></td>
> </FONT>
> </tr>
> <tr>
> <FONT face=Verdana size=-1>
> <td height="8" valign="top" width="599">
> <img
> src="http://www.moneybookers.com/images/bg_mail_bottom.gif"
>
> height="2"
> width="555"></td>
> </FONT>
> </tr>
> </table>
>
> <p align="justify">
> <font face="Times New Roman" size="2"><span
> style="BACKGROUND-COLOR: #ffffff"
> >
> <FONT face=Georgia size=2><b><br>
> </FONT><font color="#ff0000" size="2" face="Tahoma">Important
> Notice:-</font><font color="black" size="2" face="Tahoma"> You are strictly
> advised to match your details correctly to avoid permanent account
> suspention. </B> <br><br>Thank you for using
> ICICI Bank !<br></span></font>
> <font size="2">Copyright© 2010 - ICICI Bank. All rights
> reserved.</font></p>
> </span>
> <p>
> <span style="BACKGROUND-COLOR: #ffffff"><font face="Times New Roman"
> size="1"
> >I</font></span><span id=z2><font face="Times New Roman"
> size="1"><span style="BACKGROUND-COLOR: #ffffff">nformation on
> protecting yourself from fraud, please
> review the Security Tips in our Security
> Center.</span></font></span></p></FONT></font></span></FONT></SPAN></td>
> </tr>
> </table>
>
>
> <br>
> <br>
> </body>
>
> </html>
>
>
>
>
> --------------------- end of message -----------------------
>
> --
> You received this message because you are subscribed to the Google Groups
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<nforceit%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/nforceit?hl=en-GB.
>
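An added example, not part of the thread or written by either poster: a triage sketch that parses a constructed copy of the first message and reports the SPF result alongside every link or asset host that falls outside the bank's domain, which is the mismatch both samples share. The `example.invalid` address stands in for the redacted mailboxes, and treating `icicibank.co.in` (taken from the logo URL) as the brand domain is an assumption.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the first message above; the redacted
# mailbox addresses are replaced by example.invalid placeholders.
RAW = """\
Authentication-Results: mx.google.com; spf=pass
Subject: YOU HAVE (1) INBOX MESSAGE FROM ICICI BANK
From: ICICI <sender@example.invalid>
Content-Type: text/html

<img src="https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif">
<td background="http://www. moneybookers.com/images/bg_ mail.gif">
<a href="http://suviii.com/final%20images/ic/indexx.html
">Click here to Update Your Account</a>
"""

class UrlCollector(HTMLParser):
    """Collect URL attributes, stripping whitespace embedded in the URLs."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "background") and value:
                self.urls.append((name, "".join(value.split())))

def on_brand(host, brand):
    return host == brand or host.endswith("." + brand)

# brand: the domain the mail claims to speak for (assumed from the logo URL)
def analyse(raw, brand):
    msg = email.message_from_string(raw, policy=policy.default)
    addr = parseaddr(str(msg["From"]))[1]
    spf = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))
    collector = UrlCollector()
    collector.feed(msg.get_content())
    off = {"href": set(), "asset": set()}
    for name, url in collector.urls:
        host = (urlsplit(url).hostname or "").lower()
        if not on_brand(host, brand):
            off["href" if name == "href" else "asset"].add(host)
    return {"spf": spf.group(1) if spf else None,
            "from_on_brand": on_brand(addr.rpartition("@")[2].lower(), brand),
            "off_brand_links": sorted(off["href"]),
            "off_brand_assets": sorted(off["asset"])}
```

An `spf=pass` next to `from_on_brand: False` shows why the SPF result alone is not evidence of legitimacy: it only says the relay is allowed to send for the envelope domain, not that the domain belongs to the bank.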