You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Chris <cp...@earthlink.net> on 2006/08/31 01:02:06 UTC

Hacked E-Trade Phishing Site

Check at the top of this E-trade Phishing site:

http://196.1.161.115/e/t/user/login/

-- 
Chris
18:00:23 up 13 days, 43 min, 1 user, load average: 0.39, 0.34, 0.30

Re: Hacked E-Trade Phishing Site

Posted by Logan Shaw <ls...@emitinc.com>.

??? wrote:
>> Check at the top of this E-trade Phishing site:
>>
>> http://196.1.161.115/e/t/user/login/

On Wed, 30 Aug 2006, Steve Thomas wrote:
> That's brilliant. Looks like there's a creative grey-hat out there somewhere.
>
> Also interesting - the login form itself is a flash app. I haven't seen
> that before (but I don't check many of them out, either...).

I didn't notice that login form, but then I have the flashblock
firefox extension, so it didn't load.  I was wondering why
they'd have a phishing web site with no login form...

My guess is that the flash login form is an easy way to collect
the data, send it off somewhere else, then pass it through to
the real site.

   - Logan

Re: Hacked E-Trade Phishing Site

Posted by Steve Thomas <li...@sthomas.net>.

> Check at the top of this E-trade Phishing site:
>
> http://196.1.161.115/e/t/user/login/

That's brilliant. Looks like there's a creative grey-hat out there somewhere.

Also interesting - the login form itself is a flash app. I haven't seen
that before (but I don't check many of them out, either...).

St-

Re: Hacked E-Trade Phishing Site

Posted by Chris <cp...@earthlink.net>.

On Thursday 31 August 2006 7:54 pm, David B Funk wrote:
> On Wed, 30 Aug 2006, jdow wrote:
> > From: "Evan Platt" <ev...@espphotography.com>
> >
> > > At 04:02 PM 8/30/2006, you wrote:
> > >>Check at the top of this E-trade Phishing site:
> > >>
> > >>http://196.1.161.115/e/t/user/login/
> > >
> > > I get it but I don't get it. I could understand if it was an image,
> > > but that's TEXT.
> > >
> > > Cluless phisher?
> > >
> > >>18:00:23 up 13 days, 43 min, 1 user, load average: 0.39, 0.34, 0.30
> > >
> > > Must not be running a Windoze box eh?
> >
> > You did not read the very top line.
> > {^_^}   <- did a wget and read the html. There is an interesting
> >         <h1> line. And it appears most people will miss it.
>
> revisited it, the black-hat mostly fixed the grey-hat's "damage". ;

Maybe they'll start a "black-hat/grey-hat" war :)  

-- 
Chris
20:27:15 up 14 days, 3:10, 1 user, load average: 0.02, 0.17, 0.29

Re: Hacked E-Trade Phishing Site

Posted by David B Funk <db...@engineering.uiowa.edu>.

On Wed, 30 Aug 2006, jdow wrote:

> From: "Evan Platt" <ev...@espphotography.com>
>
> > At 04:02 PM 8/30/2006, you wrote:
> >>Check at the top of this E-trade Phishing site:
> >>
> >>http://196.1.161.115/e/t/user/login/
> >
> > I get it but I don't get it. I could understand if it was an image,
> > but that's TEXT.
> >
> > Cluless phisher?
> >
> >>18:00:23 up 13 days, 43 min, 1 user, load average: 0.39, 0.34, 0.30
> >
> > Must not be running a Windoze box eh?
>
> You did not read the very top line.
> {^_^}   <- did a wget and read the html. There is an interesting
>         <h1> line. And it appears most people will miss it.

revisited it, the black-hat mostly fixed the grey-hat's "damage". ;{



-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: Hacked E-Trade Phishing Site

Posted by jdow <jd...@earthlink.net>.

From: "Evan Platt" <ev...@espphotography.com>

> At 04:02 PM 8/30/2006, you wrote:
>>Check at the top of this E-trade Phishing site:
>>
>>http://196.1.161.115/e/t/user/login/
> 
> I get it but I don't get it. I could understand if it was an image, 
> but that's TEXT.
> 
> Cluless phisher?
> 
>>18:00:23 up 13 days, 43 min, 1 user, load average: 0.39, 0.34, 0.30
> 
> Must not be running a Windoze box eh?

You did not read the very top line.
{^_^}   <- did a wget and read the html. There is an interesting
        <h1> line. And it appears most people will miss it.

Re: Hacked E-Trade Phishing Site

Posted by Chris <cp...@earthlink.net>.

On Wednesday 30 August 2006 6:08 pm, Evan Platt wrote:
> At 04:02 PM 8/30/2006, you wrote:
> >Check at the top of this E-trade Phishing site:
> >
> >http://196.1.161.115/e/t/user/login/
>
> I get it but I don't get it. I could understand if it was an image,
> but that's TEXT.
>
> Cluless phisher?
>
> >18:00:23 up 13 days, 43 min, 1 user, load average: 0.39, 0.34, 0.30
>
> Must not be running a Windoze box eh?

Uh, no, I haven't in over four years now.

-- 
Chris
19:21:51 up 13 days, 2:05, 1 user, load average: 0.12, 0.12, 0.12

Re: Hacked E-Trade Phishing Site

Posted by Evan Platt <ev...@espphotography.com>.

At 04:02 PM 8/30/2006, you wrote:
>Check at the top of this E-trade Phishing site:
>
>http://196.1.161.115/e/t/user/login/

I get it but I don't get it. I could understand if it was an image, 
but that's TEXT.

Cluless phisher?

>18:00:23 up 13 days, 43 min, 1 user, load average: 0.39, 0.34, 0.30

Must not be running a Windoze box eh?