The increase of these kind of emails might be due to the IE URL Spoof Vuln that has become very well publised over recent weeks / months. Check details out at: http://xforce.iss.net/xforce/xfdb/13935 Two examples at: http://www.zapthedingbat.com/security/ex01/vun1.htm http://redux.myftp.org/modhouse/vuln.php To my knowledge no microsoft patch available? Regards, M -----Original Message----- From: Dan Clark [mailto:dan(a)scarfies.net] Sent: Friday, 30 January 2004 9:31 a.m. To: Steve Withers; nznog Subject: Re: [nznog] Credit card fraudsters...... was that sent from domestic or somewhere far off overseas? I have seen quite an increase in these kinds of emails, similar ones said to be from top Banking corperations and they even include actual logo's etc but the page you go to to change your password is way off overseas at some weird IP address instead of https://secure.westpac... etc Also, there is a very convincing PayPal one floating around also, getting unsuspecting users to change their password to 'increase security' Kind Regards Dan Clark Network Manager Scarfies.Net Ltd ----- Original Message ----- From: "Steve Withers" To: "nznog" Sent: Friday, January 30, 2004 9:41 AM Subject: [nznog] Credit card fraudsters......

In my e-mail this morning, with a clickable button to take me to their 'secure site':

From: security(a)visa-security.com

Dear Sir/Madam, We were informed that your credit card is used by another person or stolen. It could happen if you have been shopping on-line, and someone got your "Billing information" including your credit card number. To avoid and prevent any further fraud and billing mistakes and to refund your credit card, it is strongly recommended to proceed filling in the secure form on our site and applying for our Zero Liability program. Program is free and it will help us to confirm the fact of fraud and investigate this accident as soon as possible. Sincerely yours, Visa Support Assistant, Alwin Desagun.

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Issued: February 2, 2004 Version: 1.0 Nznog is a powerful thing. Either that or they just published their new montly updates =] "V1.0 February 2, 2003: Bulletin published. " QA still tops. Cheers, M -----Original Message----- From: Ted Grenfell [mailto:ted.grenfell(a)team.xtra.co.nz] Sent: Tuesday, 3 February 2004 11:19 a.m. To: nznog(a)list.waikato.ac.nz Subject: RE: [nznog] Credit card fraudsters...... Doesn't MS Patch MS04-004 take care of this? http://www.microsoft.com/technet/security/bulletin/ms04-004.asp At 09:44 30/01/04, Mark Piper wrote:

The increase of these kind of emails might be due to the IE URL Spoof Vuln that has become very well publised over recent weeks / months.

Check details out at:

http://xforce.iss.net/xforce/xfdb/13935

Two examples at:

http://www.zapthedingbat.com/security/ex01/vun1.htm http://redux.myftp.org/modhouse/vuln.php

To my knowledge no microsoft patch available?

Regards,

M -----Original Message----- From: Dan Clark [mailto:dan(a)scarfies.net] Sent: Friday, 30 January 2004 9:31 a.m. To: Steve Withers; nznog Subject: Re: [nznog] Credit card fraudsters......

was that sent from domestic or somewhere far off overseas?

I have seen quite an increase in these kinds of emails, similar ones said to be from top Banking corperations and they even include actual logo's etc but the page you go to to change your password is way off overseas at some weird IP address instead of https://secure.westpac... etc Also, there is a very convincing PayPal one floating around also, getting unsuspecting users to change their password to 'increase security'

Kind Regards Dan Clark Network Manager Scarfies.Net Ltd

----- Original Message ----- From: "Steve Withers" To: "nznog" Sent: Friday, January 30, 2004 9:41 AM Subject: [nznog] Credit card fraudsters......

...

In my e-mail this morning, with a clickable button to take me to their 'secure site':

From: security(a)visa-security.com

Dear Sir/Madam, We were informed that your credit card is used by another person or stolen. It could happen if you have been shopping on-line, and someone got your "Billing information" including your credit card number. To avoid and prevent any further fraud and billing mistakes and to refund your credit card, it is strongly recommended to proceed filling in the secure form on our site and applying for our Zero Liability program. Program is free and it will help us to confirm the fact of fraud and investigate this accident as soon as possible. Sincerely yours, Visa Support Assistant, Alwin Desagun.

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Regards, -- Ted Grenfell, ISP Performance Manager, Xtra IT Capability, Telecom NZ Limited Mob: +64 274 435 455; DDI: +64 9359 5854; Fax: +64 9309 2921 ICQ: 191891; MSN Messenger: ted.grenfell(a)team.xtra.co.nz Level 2 The Plaza, 2 Hereford St, Private Bag 92028, Auckland CBD This email is for the person(s) identified above, and is confidential to the sender and the person(s). No one else is authorised to use or disseminate this email or its contents. The email or its contents do not necessarily represent the views of Xtra Limited or Telecom. Please note that this communication does not designate an information system for the purposes of the Electronic Transactions Act 2002. _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog