[unisog] phishing attack against email credentials at auckland.ac.nz

James Riden j.riden at massey.ac.nz
Tue Jun 7 03:12:27 GMT 2005


Joseph Brennan <brennan at columbia.edu> writes:

> --On Tuesday, June 7, 2005 10:00 AM +1200 Russell Fulton 
> <r.fulton at auckland.ac.nz> wrote:
> 
> >
> > Dear Valued Member,
> >
> > According to our site policy you will have to confirm your account by
> > the following link or else your account will be suspended within 24
> > hours for security reasons.
> 
> 
> Just seen here too in New York, in mail supposedly from
> webmaster at columbia.edu.  No one so far has submitted one with
> headers or html code (thanks to client design... grrrrr).

Looks like a new Mytob variant - the executable I downloaded has the
following md5:

% md5sum Confirm.com
abe53b50708a546873bdf8745c3236ac  Confirm.com

Virustotal says the following:
BitDefender   7.0        06.07.2005   Win32.Worm.Mytob.BD
Fortinet      2.27.0.0   06.07.2005   suspicious
Kaspersky     4.0.2.24   06.07.2005   Net-Worm.Win32.Mytob.bd
McAfee        4507       06.06.2005   New Malware.f
NOD32v2       1.1131     06.06.2005   a variant of Win32/Mytob
Sybari        7.5.1314   06.07.2005   Net-Worm.Win32.Mytob.bd

All others were 'nothing found' as of 12 noon GMT+1200.

Forged sender addresses are mail, admin, administrator, webmaster,
mail, support and service at domain.example.com.

HTML code here was just:

"According to our site policy you will have to confirm your account by
the following link or else your account will be suspended within 24
hours for security reasons.  
<A href="http://205.138.199.146/confirm.php?email=[elided@massey.ac.nz]">http://www.massey.ac.nz/confirm.php?email=[elided@massey.ac.nz]</A>

Thank you for your attention to this question. We
apologize for any inconvenience.

Sincerely,Massey Security Department Assistant."

HTH. cheers,
 Jamie
-- 
James Riden / j.riden at massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
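The deceptive anchor quoted above (visible text naming the university's host, href pointing at a bare IP) can be caught mechanically before a message reaches users. The following is an added example, not code from the original thread; the sample body, the example.ac.nz host and the 203.0.113.10 address are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress
# Constructed sample modelled on the quoted phish: visible text shows the
# university's host, href is a bare IP (203.0.113.10 is a placeholder).
SAMPLE_BODY = """Confirm your account by the following link:
<A href="http://203.0.113.10/confirm.php?email=user@example.ac.nz">http://www.example.ac.nz/confirm.php?email=user@example.ac.nz</A>
<a href="https://www.example.ac.nz/help">help desk</a>"""

class AnchorCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> element.
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Hostname of a URL; bare "www.x.y/..." link text is treated as http.
    h = urlsplit(url if "://" in url else "http://" + url).hostname
    return h.lower() if h else None

def suspicious_anchors(html):
    # Returns (href, text, reasons) for every anchor that looks deceptive.
    p = AnchorCollector()
    p.feed(html)
    findings = []
    for href, text in p.anchors:
        href_host, reasons = host_of(href), []
        try:
            ipaddress.ip_address(href_host or "")
            reasons.append("href uses a raw IP address")
        except ValueError:
            pass
        # Compare hosts only when the visible text itself looks like a URL.
        if text.lower().startswith(("http://", "https://", "www.")):
            text_host = host_of(text)
            if text_host and text_host != href_host:
                reasons.append(f"text shows {text_host}, href goes to {href_host}")
        if reasons:
            findings.append((href, text, reasons))
    return findings
```

Run `suspicious_anchors(SAMPLE_BODY)` and only the confirm.php anchor is reported, with both reasons; the plain "help desk" link passes because its text makes no host claim.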