[Full-Disclosure] Re: Fake ebay password stealer
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] Re: Fake ebay password stealer
- From: Sebastian Niehaus <killedbythoughts@mindcrime.net>
- Date: 04 Oct 2003 21:33:31 +0200
tom@doctorunix.com writes:
> Following on the heels of the "very good looking" Microsoft security patch
> worm, I am now in possession of an even more convincing "Ebay Request" to
> reconfirm your credit card number, PayPal account, password, etc. This
> appears to be an excellent fake and we can expect many people to be
> tricked.
>
> To see how good it looks, check out this image. (It doesn't look like an
> image but it is actually a JPG which hides a link to the attacker's
> server.) Many people will be fooled. The url is fake (it is just a
> picture after all).
Combine it with a QHosts-1 feature and you get your sensitive data
even from users looking for the URL displayed in the address field of
the browser.
Sebastian
--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html