[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] US Bank scam

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] US Bank scam
From: "Scott Dodson" <sdodson@xxxxxxxxxxx>
Date: Tue, 15 Jun 2004 19:24:54 -0400

-----Original Message-----
>From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure->admin@xxxxxxxxxxxxxxxx] On Behalf Of David
Lederman
>Sent: Tuesday, June 15, 2004 12:30 PM
>To: full-disclosure@xxxxxxxxxxxxxxxx
>Subject: [Full-Disclosure] US Bank scam
>
>This is the best phishing scam I've seen yet:
>http://www.bis1bp.com/a12/index.html
>
>I have Windows Server 2003 fully patched and this works. The program
fakes >an address bar so this
>would pass through most people's safety check, after all the address
bar >clearly has the correct
>address. 

>There are bugs in the code, for example, all your Internet Explorer
windows >will now have this
>address, but again for most people would only have one window open. 
>


With XP SP2 build 2149 (RC2) it shows up immediately below the address
bar.  

http://www.sdodson.com/phishing.jpg for a view.

--
Scott

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] US Bank scam
  - From: Nick FitzGerald

References:
- [Full-Disclosure] US Bank scam
  - From: David Lederman

Prev by Date: Re: [Full-Disclosure] Akamai
Next by Date: RE: [Full-Disclosure] Akamai
Previous by thread: Re: [Full-Disclosure] US Bank scam
Next by thread: RE: [Full-Disclosure] US Bank scam
Index(es):
- Date
- Thread