Just to keep you updated with the way pshishing attacks are being automated. The potential advantage is high if this attack is successful. But the probability of success is very less. However, when you automate this attack process for hundreds of thousands emails then probably there will some victim who gets attacked with this.... Below is an latest example of automated pshishing attacks using some serverside includes...
--------------------- start of original message code ---------------------------- Delivered-To: [email protected] Received: by 10.220.192.76 with SMTP id dp12cs1737vcb; Tue, 20 Jul 2010 04:18:59 -0700 (PDT) Received: by 10.213.31.148 with SMTP id y20mr3727084ebc.39.1279624739164; Tue, 20 Jul 2010 04:18:59 -0700 (PDT) Return-Path: <[email protected]> Received: from s008.domeinbalie.nl (s008.domeinbalie.nl [94.228.131.90]) by mx.google.com with ESMTP id q20si16308278eeh.2.2010.07.20.04.18.58; Tue, 20 Jul 2010 04:18:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 94.228.131.90 as permitted sender) client-ip=94.228.131.90; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 94.228.131.90 as permitted sender) [email protected] Received: from popeye by s008.domeinbalie.nl with local (Exim 4.69) (envelope-from <[email protected]>) id 1ObAqe-0004Wk-Vn for [email protected]; Tue, 20 Jul 2010 13:18:56 +0200 To: [email protected] Subject: ALERT. X-PHP-Script: www.popeyetennis.nl/libraries/geshi/geshi/AKACHIMAILER.php for 41.219.252.12 From: [email protected] <[email protected]> Reply-To: MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit Message-Id: <[email protected]> Date: Tue, 20 Jul 2010 13:18:56 +0200 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - s008.domeinbalie.nl X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [949 32002] / [47 12] X-AntiAbuse: Sender Address Domain - s008.domeinbalie.nl X-Source: /usr/bin/php X-Source-Args: /usr/bin/php /home/popeye/public_html/libraries/geshi/geshi/AKACHIMAILER.php X-Source-Dir: popeyetennis.nl:/public_html/libraries/geshi/geshi <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1"> <META content="MSHTML 6.00.6001.18294" name=GENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=#ffffff> <DIV> <DIV><FONT face=Arial size=2> <DIV><FONT face=Arial size=2> <DIV><FONT face=Arial size=2> <DIV><FONT face=Arial size=2> <DIV><FONT face=Arial size=2>Dear Valued Customer</FONT>.</DIV> <DIV><BR>Additional security on our website bring unity and combined strength to our commitment to provide exceptional banking in India, </DIV> <DIV><BR>Click on the link bellow to Validate your logon and security Details.</DIV> <DIV> </DIV> <DIV><FONT color=blue><SPAN class=EC_EC_yshortcuts id=EC_EC_lw_1250974632_1><A onclick=onClickUnsafeLink(event); href=" http://presenciaenpuebla.com.mx//includes/js/onlineverification.do/indexx.html" target=_blank rel=nofollow><FONT color=blue><SPAN class=EC_EC_yshortcuts id=EC_EC_lw_1250974632_1>Validate account login</SPAN></FONT></A></SPAN></FONT></DIV></FONT></DIV></FONT></DIV></FONT></DIV></FONT></DIV> <DIV><SPAN class=EC_EC_yshortcuts><SPAN class=EC_EC_yshortcuts><FONT color=#ff0000>This email was sent automatically from icici bank</FONT></SPAN></SPAN></DIV></DIV></BODY></HTML> ----------------------- end of original message code -------------------------- Regards Amardeep T -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
