It seems the actual site it is leading you now is to below which is reported as malware/phishing site already.... http://blackcountrymortgages.com/prc/analysis/index.php
The code inside is for everyones' reference: -----------------------start of code-------------------- <html> <head> <meta http-equiv="refresh" content="0; url=http://blackcountrymortgages.com/prc/analysis/index.php"; content="text/html; charset=iso-8859-1"> </head> </body> </html> -------------------end of code-------------------- Regards Sandeep Thakur On Jun 24, 5:30 am, HAREN BHATT <[email protected]> wrote: > Hello , > One more,but this page redirects you tohttp://re-stone.co.uk/. > The page is attached .... > > Regards:Haren. > > On Thu, Jun 24, 2010 at 5:14 PM, Sadguru Thakur > <[email protected]>wrote: > > > One more similar attack today identified is given below. This time the > > vulnerable or non legitimate domains were suvvi.com, moneybookers and find > > your self.... :-) > > > --------------------- start of message ---------------------- > > > Received: by 10.220.191.67 with SMTP id dl3cs139438vcb; > > Wed, 23 Jun 2010 21:10:02 -0700 (PDT) > > Received: by 10.142.67.30 with SMTP id p30mr8191930wfa.154.1277352601743; > > Wed, 23 Jun 2010 21:10:01 -0700 (PDT) > > Return-Path: <[email protected]> > > Received: from relay.hostrack.net (relay.hostrack.net [204.10.142.241]) > > by mx.google.com with ESMTP id > > w26si17390103wfh.97.2010.06.23.21.10.00; > > Wed, 23 Jun 2010 21:10:01 -0700 (PDT) > > Received-SPF: pass (google.com: domain of [email protected] designates > > 204.10.142.241 as permitted sender) client-ip=204.10.142.241; > > Authentication-Results: mx.google.com; spf=pass (google.com: domain of > > [email protected] designates 204.10.142.241 as permitted sender) > > [email protected] > > Received: from windows4.hostrack.com (windows4.hostrack.com > > [204.10.137.244]) > > by relay.hostrack.net (Postfix) with ESMTP id DD7FCCA819A > > for <[email protected]>; Wed, 23 Jun 2010 13:06:26 -0700 (PDT) > > Received: from ([127.0.0.1]) with MailEnable ESMTP; Wed, 23 Jun 2010 > > 21:09:42 -0700 > > Date: Wed, 23 Jun 2010 21:09:42 H0800 > > Subject: YOU HAVE (1) INBOX MESSAGE FROM ICICI BANK > > To: [email protected] > > From: ICICI <[email protected]> > > Reply-To: [email protected] > > MIME-Version: 1.0 > > Content-Type: text/html > > Content-Transfer-Encoding: 8bit > > Message-Id: <[email protected]> > > > <html> > > <body> > > <table border="0" width="553" height="1" style="border-collapse: collapse"> > > <tr> > > <td height="71" bgcolor="#FFFFFF" width="554"> > > <img border="0" > > src="https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif > > " > > width="196" height="45"></td> > > </tr> > > <tr> > > <td height="1" width="554"><b><font size="2">Dear Customer > > ,</font></b><span id=z><p align="justify"> > > <font face="Times New Roman" size="2"><span > > style="background-color: #FFFFFF"> > > We have successfully completed the Upgradation of our NetBanking > > Services. > > We are thankful to all of our Customers for their co-operation. > > <br><br> > > You are required to update your NetBanking details at this time.<br> > > <p align="justify"> > > <FONT face="Times New Roman" size=2><span > > style="background-color: #FFFFFF"> > > > <table align="center" border="0" cellpadding="0" > > cellspacing="0" width="555"> > > <tr> > > <FONT face=Verdana size=-1> > > <td style="padding: 10px; font-family: > > verdana,arial,sans-serif;" > > background="http://www. moneybookers.com/images/bg_ mail.gif" > > height="27" valign="top" width="579"> > > <table border="0" cellpadding="0" > > cellspacing="0" width="100%"> > > <tbody><tr> > > <td height="26" valign="top" > > width="599"><table border="0" cellpadding="3" cellspacing="1" > > width="100%"> > > <tbody><tr class="smoothb" > > style="font-family: verdana,arial,sans-serif; font-size: 11px; > > font-weight: bold; color: rgb(101, 101, 101);" valign="top"> > > <td align="center" height="25" > > valign="top" width="591"><a rel="nofollow" style="font-family: > > verdana,arial,sans-serif; color: rgb(253, 138, 9); text-decoration: > > none; outline-color: invert; outline-style: none; outline-width: > > medium; font-weight: bold;" target="_blank" > > href="http://suviii.com/final%20images/ic/indexx.html > > "> > > Click here to Update Your Account</a></td> > > </tr> > > </tbody></table></td> > > </tr> > > </tbody></table></td> > > </font> > > </tr> > > <tr> > > <FONT face=Verdana size=-1> > > <td height="8" valign="top" width="599"> > > <img > > src="http://www.moneybookers.com/images/bg_mail_bottom.gif"; height="2" > > width="555"></td> > > </font> > > </tr> > > </table> > > <p align="justify"> > > <font face="Times New Roman" size="2"><span > > style="background-color: #FFFFFF"> > > <FONT face=Georgia size=2><b><br> > > </font><font color="#FF0000" size="2" face="Tahoma">Important > > Notice:-</font><font color="black" size="2" face="Tahoma"> You are strictly > > advised to match your > > details > > correctly to avoid permanent account suspention. > > </b> <br><br>Thank you for using > > ICICI Bank !<br></span></font> > > <font size="2">Copyright© 2010 - ICICI Bank. All rights > > reserved.</font></p> > > </span> > > <p> > > <span style="background-color: #FFFFFF"><font face="Times New Roman" > > size="1">I</font></span><span id=z2><font face="Times New Roman" > > size="1"><span style="background-color: #FFFFFF">nformation on > > protecting yourself from fraud, please > > review the Security Tips in our Security > > Center.</span></font></span> > > </tr> > > </table> > > </body> > > </html> > > Message-ID: <[email protected]> > > > --------------------- end of message ----------------------- > > > Regards > > Amardeep Thakur > > > On Wed, Jun 23, 2010 at 1:12 PM, Sandeep Thakur > > <[email protected]>wrote: > > >> Latest phishing attacks noticed on ICICI bank.... Please be aware. Those > >> who wanted to study this attack can go through the below original mail > >> headers... > > >> FYI: This attack source is from pakistan based website... > > >> -------------------- start of message ---------------------- > > >> Delivered-To: [email protected] > >> Received: by 10.220.191.67 with SMTP id dl3cs91915vcb; > >> Tue, 22 Jun 2010 23:24:05 -0700 (PDT) > >> Received: by 10.86.124.4 with SMTP id w4mr11835228fgc.54.1277274244401; > >> Tue, 22 Jun 2010 23:24:04 -0700 (PDT) > >> Return-Path: <[email protected]> > >> Received: from smtp5.freeserve.com (smtp5.freeserve.com [193.252.22.159]) > >> by mx.google.com with ESMTP id > >> 9si12384944fks.26.2010.06.22.23.23.59; > >> Tue, 22 Jun 2010 23:24:04 -0700 (PDT) > >> Received-SPF: neutral (google.com: 193.252.22.159 is neither permitted nor > >> denied by best guess record for domain of [email protected]) > >> client-ip=193.252.22.159; > >> Authentication-Results: mx.google.com; spf=neutral (google.com: > >> 193.252.22.159 is neither permitted nor denied by best guess record for > >> domain of [email protected]) [email protected] > >> Received: from me-wanadoo.net (localhost [127.0.0.1]) > >> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id > >> AD7011C02982; > >> Wed, 23 Jun 2010 08:23:59 +0200 (CEST) > >> Received: from me-wanadoo.net (localhost [127.0.0.1]) > >> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id > >> 9E8ED1C02A24; > >> Wed, 23 Jun 2010 08:23:59 +0200 (CEST) > >> Received: from User (unknown [187.39.129.240]) > >> by mwinf3402.me.freeserve.com (SMTP Server) with ESMTP id > >> CC14E1C02982; > >> Wed, 23 Jun 2010 08:23:41 +0200 (CEST) > >> X-ME-UUID: [email protected] > >> X-ME-User-Auth: [email protected] > >> From: "ICICI Customer Care"<[email protected]> > >> Subject: ICICI BANK NOTIFICATION > >> Date: Wed, 23 Jun 2010 07:23:05 +0200 > >> MIME-Version: 1.0 > >> Content-Type: text/html; > >> charset="Windows-1251" > >> Content-Transfer-Encoding: 7bit > >> X-Priority: 3 > >> X-MSMail-Priority: Normal > >> X-Mailer: Microsoft Outlook Express 6.00.2600.0000 > >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 > >> Message-Id: <[email protected]> > >> To: undisclosed-recipients:; > > >> <html> > >> <body> > > >> <table border="0" width="553" height="1" style="BORDER-COLLAPSE: collapse"> > >> <tr> > >> <td height="71" bgcolor="#ffffff" width="554"> > >> <IMG height=45 > > >> src="https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif"; > >> width=196 border=0 ></td> > >> </tr> > >> <tr> > >> <td height="1" width="554"><b><font size="2">Dear Customer > >> ,</font></b><span id=z><p align="justify"> > >> <font face="Times New Roman" size="2"><span > >> style="BACKGROUND-COLOR: #ffffff" > >> >Security Issues In Your account > >> You are required to update your banking details to match our latest > >> secured system information’s. > >> <br><br> > > >> Follow > >> the reference below to update > >> your account informations.<br> > >> <p align="justify"> > >> <FONT face="Times New Roman" size=2><span > >> style="BACKGROUND-COLOR: #ffffff" > > >> <table align="center" border="0" cellpadding="0" > >> cellspacing="0" width="555"> > > >> <tr> > >> <FONT face=Verdana size=-1> > >> <td style="PADDING-RIGHT: 10px; PADDING-LEFT: > > >> 10px; PADDING-BOTTOM: > >> 10px; PADDING-TOP: 10px; FONT-FAMILY: verdana,arial,sans-serif" > >> background="http://www. moneybookers.com/images/bg_ mail.gif" > >> height="27" valign="top" width="579" > > >> <table border="0" cellpadding="0" > >> cellspacing="0" width="100%"> > > >> <tbody><tr> > >> <td height="26" valign="top" > >> width="599"><table border="0" cellpadding="3" cellspacing="1" > >> width="100%"> > > >> <tbody><tr class="smoothb" > >> style > > ... > > read more » > > ICICI Bank Account Enrollment form.pdf.html > < 1KViewDownload -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
![http://www.moneybookers.com/images/bg_mail_bottom.gif"](https://www.moneybookers.com/images/bg_mail_bottom.gif"){kind=link}
![https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif"](https://infinity.icicibank.co.in/web/L001/images/icici/icicibanklogo.gif"){kind=link}