Hello , One more,but this page redirects you to http://re-stone.co.uk/. The page is attached ....
Regards:Haren. On Thu, Jun 24, 2010 at 5:14 PM, Sadguru Thakur <[email protected]>wrote: > One more similar attack today identified is given below. This time the > vulnerable or non legitimate domains were suvvi.com, moneybookers and find > your self.... :-) > > > --------------------- start of message ---------------------- > > > > Received: by 10.220.191.67 with SMTP id dl3cs139438vcb; > Wed, 23 Jun 2010 21:10:02 -0700 (PDT) > Received: by 10.142.67.30 with SMTP id p30mr8191930wfa.154.1277352601743; > Wed, 23 Jun 2010 21:10:01 -0700 (PDT) > Return-Path: <[email protected]> > Received: from relay.hostrack.net (relay.hostrack.net [204.10.142.241]) > by mx.google.com with ESMTP id > w26si17390103wfh.97.2010.06.23.21.10.00; > Wed, 23 Jun 2010 21:10:01 -0700 (PDT) > Received-SPF: pass (google.com: domain of [email protected] designates > 204.10.142.241 as permitted sender) client-ip=204.10.142.241; > Authentication-Results: mx.google.com; spf=pass (google.com: domain of > [email protected] designates 204.10.142.241 as permitted sender) > [email protected] > Received: from windows4.hostrack.com (windows4.hostrack.com [204.10.137.244]) > by relay.hostrack.net (Postfix) with ESMTP id DD7FCCA819A > for <[email protected]>; Wed, 23 Jun 2010 13:06:26 -0700 (PDT) > Received: from ([127.0.0.1]) with MailEnable ESMTP; Wed, 23 Jun 2010 21:09:42 > -0700 > Date: Wed, 23 Jun 2010 21:09:42 H0800 > Subject: YOU HAVE (1) INBOX MESSAGE FROM ICICI BANK > To: [email protected] > From: ICICI <[email protected]> > Reply-To: [email protected] > MIME-Version: 1.0 > Content-Type: text/html > Content-Transfer-Encoding: 8bit > Message-Id: <[email protected]> > > <html> > <body> > <table border="0" width="553" height="1" style="border-collapse: collapse"> > <tr> > <td height="71" bgcolor="#FFFFFF" width="554"> > <img border="0" > src="https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif > " > width="196" height="45"></td> > </tr> > <tr> > <td height="1" width="554"><b><font size="2">Dear Customer > ,</font></b><span id=z><p align="justify"> > <font face="Times New Roman" size="2"><span > style="background-color: #FFFFFF"> > We have successfully completed the Upgradation of our NetBanking Services. > We are thankful to all of our Customers for their co-operation. > <br><br> > You are required to update your NetBanking details at this time.<br> > <p align="justify"> > <FONT face="Times New Roman" size=2><span > style="background-color: #FFFFFF"> > > <table align="center" border="0" cellpadding="0" > cellspacing="0" width="555"> > <tr> > <FONT face=Verdana size=-1> > <td style="padding: 10px; font-family: > verdana,arial,sans-serif;" > background="http://www. moneybookers.com/images/bg_ mail.gif" > height="27" valign="top" width="579"> > <table border="0" cellpadding="0" > cellspacing="0" width="100%"> > <tbody><tr> > <td height="26" valign="top" > width="599"><table border="0" cellpadding="3" cellspacing="1" > width="100%"> > <tbody><tr class="smoothb" > style="font-family: verdana,arial,sans-serif; font-size: 11px; > font-weight: bold; color: rgb(101, 101, 101);" valign="top"> > <td align="center" height="25" > valign="top" width="591"><a rel="nofollow" style="font-family: > verdana,arial,sans-serif; color: rgb(253, 138, 9); text-decoration: > none; outline-color: invert; outline-style: none; outline-width: > medium; font-weight: bold;" target="_blank" > href="http://suviii.com/final%20images/ic/indexx.html > "> > Click here to Update Your Account</a></td> > </tr> > </tbody></table></td> > </tr> > </tbody></table></td> > </font> > </tr> > <tr> > <FONT face=Verdana size=-1> > <td height="8" valign="top" width="599"> > <img > src="http://www.moneybookers.com/images/bg_mail_bottom.gif"; height="2" > width="555"></td> > </font> > </tr> > </table> > <p align="justify"> > <font face="Times New Roman" size="2"><span > style="background-color: #FFFFFF"> > <FONT face=Georgia size=2><b><br> > </font><font color="#FF0000" size="2" face="Tahoma">Important > Notice:-</font><font color="black" size="2" face="Tahoma"> You are strictly > advised to match your > details > correctly to avoid permanent account suspention. > </b> <br><br>Thank you for using > ICICI Bank !<br></span></font> > <font size="2">Copyright© 2010 - ICICI Bank. All rights > reserved.</font></p> > </span> > <p> > <span style="background-color: #FFFFFF"><font face="Times New Roman" > size="1">I</font></span><span id=z2><font face="Times New Roman" > size="1"><span style="background-color: #FFFFFF">nformation on > protecting yourself from fraud, please > review the Security Tips in our Security > Center.</span></font></span> > </tr> > </table> > </body> > </html> > Message-ID: <[email protected]> > > > > > > --------------------- end of message ----------------------- > > > Regards > Amardeep Thakur > > On Wed, Jun 23, 2010 at 1:12 PM, Sandeep Thakur <[email protected]>wrote: > >> Latest phishing attacks noticed on ICICI bank.... Please be aware. Those >> who wanted to study this attack can go through the below original mail >> headers... >> >> FYI: This attack source is from pakistan based website... >> >> -------------------- start of message ---------------------- >> >> >> >> Delivered-To: [email protected] >> Received: by 10.220.191.67 with SMTP id dl3cs91915vcb; >> Tue, 22 Jun 2010 23:24:05 -0700 (PDT) >> Received: by 10.86.124.4 with SMTP id w4mr11835228fgc.54.1277274244401; >> Tue, 22 Jun 2010 23:24:04 -0700 (PDT) >> Return-Path: <[email protected]> >> Received: from smtp5.freeserve.com (smtp5.freeserve.com [193.252.22.159]) >> by mx.google.com with ESMTP id 9si12384944fks.26.2010.06.22.23.23.59; >> Tue, 22 Jun 2010 23:24:04 -0700 (PDT) >> Received-SPF: neutral (google.com: 193.252.22.159 is neither permitted nor >> denied by best guess record for domain of [email protected]) >> client-ip=193.252.22.159; >> Authentication-Results: mx.google.com; spf=neutral (google.com: >> 193.252.22.159 is neither permitted nor denied by best guess record for >> domain of [email protected]) [email protected] >> Received: from me-wanadoo.net (localhost [127.0.0.1]) >> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id AD7011C02982; >> Wed, 23 Jun 2010 08:23:59 +0200 (CEST) >> Received: from me-wanadoo.net (localhost [127.0.0.1]) >> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id 9E8ED1C02A24; >> Wed, 23 Jun 2010 08:23:59 +0200 (CEST) >> Received: from User (unknown [187.39.129.240]) >> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id CC14E1C02982; >> Wed, 23 Jun 2010 08:23:41 +0200 (CEST) >> X-ME-UUID: [email protected] >> X-ME-User-Auth: [email protected] >> From: "ICICI Customer Care"<[email protected]> >> Subject: ICICI BANK NOTIFICATION >> Date: Wed, 23 Jun 2010 07:23:05 +0200 >> MIME-Version: 1.0 >> Content-Type: text/html; >> charset="Windows-1251" >> Content-Transfer-Encoding: 7bit >> X-Priority: 3 >> X-MSMail-Priority: Normal >> X-Mailer: Microsoft Outlook Express 6.00.2600.0000 >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 >> Message-Id: <[email protected]> >> To: undisclosed-recipients:; >> >> <html> >> <body> >> >> <table border="0" width="553" height="1" style="BORDER-COLLAPSE: collapse"> >> <tr> >> <td height="71" bgcolor="#ffffff" width="554"> >> <IMG height=45 >> >> >> >> src="https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif"; >> width=196 border=0 ></td> >> </tr> >> <tr> >> <td height="1" width="554"><b><font size="2">Dear Customer >> ,</font></b><span id=z><p align="justify"> >> <font face="Times New Roman" size="2"><span >> style="BACKGROUND-COLOR: #ffffff" >> >Security Issues In Your account >> You are required to update your banking details to match our latest >> secured system information’s. >> <br><br> >> >> Follow >> the reference below to update >> your account informations.<br> >> <p align="justify"> >> <FONT face="Times New Roman" size=2><span >> style="BACKGROUND-COLOR: #ffffff" >> > >> >> <table align="center" border="0" cellpadding="0" >> cellspacing="0" width="555"> >> >> >> <tr> >> <FONT face=Verdana size=-1> >> <td style="PADDING-RIGHT: 10px; PADDING-LEFT: >> >> 10px; PADDING-BOTTOM: >> 10px; PADDING-TOP: 10px; FONT-FAMILY: verdana,arial,sans-serif" >> background="http://www. moneybookers.com/images/bg_ mail.gif" >> height="27" valign="top" width="579" >> > >> <table border="0" cellpadding="0" >> cellspacing="0" width="100%"> >> >> <tbody><tr> >> <td height="26" valign="top" >> width="599"><table border="0" cellpadding="3" cellspacing="1" >> width="100%"> >> >> <tbody><tr class="smoothb" >> style >> ="FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: rgb(101,101,101); >> FONT-FAMILY: verdana,arial,sans-serif" >> valign="top"> >> >> <td align="middle" height="25" >> valign="top" width="591"><a rel="nofollow" style="FONT-WEIGHT: >> bold; COLOR: rgb(253,138,9); FONT-FAMILY: verdana,arial,sans-serif; >> TEXT-DECORATION: none; outline-color: invert; outline-style: >> none; outline-width: medium" >> >> target="_blank" >> href="http://www.voiceofpakistan.com.pk/buttons/indexx.html"; >> > >> Click here to Update Your Account</a></td> >> </tr> >> </tbody></table></td> >> </tr> >> >> </tbody></table></td> >> </FONT> >> </tr> >> <tr> >> <FONT face=Verdana size=-1> >> <td height="8" valign="top" width="599"> >> <img >> src="http://www.moneybookers.com/images/bg_mail_bottom.gif"; >> >> height="2" >> width="555"></td> >> </FONT> >> </tr> >> </table> >> >> <p align="justify"> >> <font face="Times New Roman" size="2"><span >> style="BACKGROUND-COLOR: #ffffff" >> > >> <FONT face=Georgia size=2><b><br> >> </FONT><font color="#ff0000" size="2" face="Tahoma">Important >> Notice:-</font><font color="black" size="2" face="Tahoma"> You are strictly >> advised to match your details correctly to avoid permanent account >> suspention. </B> <br><br>Thank you for using >> ICICI Bank !<br></span></font> >> <font size="2">Copyright© 2010 - ICICI Bank. All rights >> reserved.</font></p> >> </span> >> <p> >> <span style="BACKGROUND-COLOR: #ffffff"><font face="Times New Roman" >> size="1" >> >I</font></span><span id=z2><font face="Times New Roman" >> size="1"><span style="BACKGROUND-COLOR: #ffffff">nformation on >> protecting yourself from fraud, please >> review the Security Tips in our Security >> Center.</span></font></span></p></FONT></font></span></FONT></SPAN></td> >> </tr> >> </table> >> >> >> <br> >> <br> >> </body> >> >> </html> >> >> >> >> >> --------------------- end of message ----------------------- >> >> -- >> You received this message because you are subscribed to the Google Groups >> "nforceit" group. >> To post to this group, send an email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<nforceit%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/nforceit?hl=en-GB. >> > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/nforceit?hl=en-GB. > -- Thanks & Regards: Haren Bhatt | Security Analyst |MCSA |SCSA |ENSA |CEHv5 |ECSA-LPT . Blog : http://security-culture.blogspot.com/ "We Have A Culture Of Security." NOTICE:This communication is meant only for the addressee(s) named above and may contain information which is and/or legally privileged. If you are not the named addressee(s), or the agent responsible for receiving and delivering this communication to the named addressee(s), this communication has been sent to you in error, please notify the sender and delete all copies. If so, kindly contact us immediately for retrieval purposes. Unauthorized dissemination, distribution, copying or reliance on this communication is prohibited and may attract criminal penalties. For privacy reasons all the addressee(s) may be hidden. -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
![http://www.moneybookers.com/images/bg_mail_bottom.gif"](https://www.moneybookers.com/images/bg_mail_bottom.gif"){kind=link}
![https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif"](https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif"){kind=link}