[Full-disclosure] Re: Amazon Phishing Scam - Tech Details

["Dave Korn" <davek_throwaway@xxxxxxxxxxx>]

DAN MORRILL wrote in news:BAY115-F1445950D27D49C91C2F875C03A0@xxxxxxx
> Ran across a very nice phishing scam from amazon this morning. Technical
> details follow as suggested black list for this domain. It was really
> nice, very authentic looking, and would suck in a lot of folks because it
> really looked very good. It has been reported to Amazon, but thought I
> would include the technical details to this group.

> Received: (from apache@localhost)by thebe.jtan.com (8.13.3/8.13.3/Submit)
> id jBFKYkhi014107;Thu, 15 Dec 2005 15:34:46 -0500

> Return-Path: apache@xxxxxxxxxxxxxx

> With an eventual owner here (Suspected hacked site http://thebe.jtan.com/)

Yeesh!

http://www.google.co.uk/search?q=site%3Athebe.jtan.com&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-GB:official

Including the _very_ informative http://thebe.jtan.com/phptest.php

[  And fascinatingly enough, it seems to host a site related to some grade
school in Salem.  In light of the recent news articles about privacy breach
of a school psychiatrist's report on a pupil there, I wonder if we may have 
stumbled across the host in question.
http://news.google.co.uk/news?hl=en&hs=0Yb&client=firefox-a&rls=org.mozilla%3Aen-GB%3Aofficial&spell=1&tab=wn&ie=ISO-8859-1&q=salem+school+public+web+site+privacy&btnG=Search+News
   
]


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/