LUGOD: Linux Users' Group of Davis
 
Page last updated:
2003 Sep 25 07:30

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] one of the most pernicious spams i've ever seen.



On Thu, Sep 25, 2003 at 06:30:32AM -0700, p@dirac.org wrote:
> when you feed a browser the given url, the citibank page comes up.  but
> you also get a small page with a form that asks for your bank account
> number and PIN.
[snip]
> my question is -- how is this done?  how does this URL:
> 
> http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT/3/?IYTEw4eVTtbH1w6CpDrT
> 
> bring up citibank.com's webpage and then another page with the
> account/PIN grabber?  i've never seen anything like this before.

If you break down that url it looks like:

www.citibank.com <- username
: <- separator
ac=VybznNffNxknAUxPrfE2jYaQUptJ <- password
@ <- at (duh)
a3ksd.PiSeM.NeT <- servername
/3/?IYTEw4eVTtbH1w6CpDrT <- misc crap

And doing a wget on that url gives me this (comments added)


<HTML><HEAD>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://citibank.com/us/index.htm";>

<title></title></HEAD>
<BODY bgColor=#ffffff onload="window.open('welcome2.html', 'nameit',
'top=185,left=250,width=300,height=230,toolbar=no,location=no,scrollbars=
no,resizable=no')">
</BODY></HTML>


Even if you don't know HTML, it's fairly easy to see what it's doing.
It's immediately redirecting you to the citibank page, and telling your
browser to give you the popup at the same time.

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
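
The URL breakdown given in the reply above can be checked mechanically. The following is an added example, not part of the original post: it splits a URL the way a client does and flags the case where the userinfo part is dressed up as a hostname. The function name, the finding labels and the two extra sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# A string shaped like a DNS name: dotted labels ending in an alphabetic TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

def inspect_url(url):
    """Report which host a client really contacts and whether the
    userinfo (the part before '@') is posing as a different host."""
    parts = urlsplit(url)
    real_host = (parts.hostname or "").lower()   # text after the last '@'
    username = unquote(parts.username or "")     # text before the first ':'
    findings = []
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo-present")
    if HOSTLIKE.match(username) and username.lower() != real_host:
        findings.append("userinfo-looks-like-host")
    return {
        "real_host": real_host,
        "displayed_as": username,
        "password": parts.password,
        "findings": findings,
    }

# The URL quoted in the thread, followed by two constructed samples.
THREAD_URL = ("http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ"
              "@a3ksd.PiSeM.NeT/3/?IYTEw4eVTtbH1w6CpDrT")
SAMPLES = [
    THREAD_URL,
    "https://www.example.com/login",            # constructed: no userinfo
    "ftp://backup:secret@files.example.org/",   # constructed: plain credentials
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect_url(sample)
        print(result["real_host"], result["findings"])
```

A mail filter or proxy can treat the "userinfo-looks-like-host" finding as a strong phishing signal, since ordinary credentials in a URL are rarely shaped like a domain name.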


