
Phishing Scam: feder.com / nlpshoping.com

 
NightSpirit
Site Admin


Joined: 26 Nov 2002
Posts: 2955
Location: Enfield, London, UK

Posted: Fri Oct 21, 2005 2:11 pm    Post subject: Phishing Scam: feder.com / nlpshoping.com

Yet another email phishing scam has landed in someone's inbox at work today :( This one has the following details:

NOTICE: YOUR TRANSACTION DENIED

Dear Customer.
You've specified this email as reachable. 

Unfortunately, we were unable to process your transaction
at this time for the following reason: 

Transaction Denied by Bank. 

Order details:

Date: 10/20/05
Your order number is: 203401

You have ordered the following:

              Price
Book 1          60.80
Book 2          50.00
Setup fee       9.00

+VAT 17.5%      4.52
_____________________________
Total in GBP: 124.32

Click on the LINK TO INVOICE:

http://nlpshoping.com/billing/order203401.html

Customer Support


The email was from support @ feder.com

www.netidentity.com
4190 Neil Road
Suite 430, Reno, 89502
NV, UNITED STATES
postmaster@netidentity.com
+1.7753335992
+1.7753290852


The domain for the website is nlpshoping.com

Created on 10/17/2005 19:58:15
Updated on 10/17/2005 21:00:19
Expires on 10/17/2006 15:58:15

Registrant / Admin Contact :
Michael THACKER (THACKE2-BMN-PE)
4332 Taos
88220 Carlsbad
UNITED STATES NM
+43 211 28918372
michaelthackery@yahoo.com
Referral URL      : https://www.bookmyname.com


Clearly another attempt to gain credit card information from the gullible PC users out there. Make sure you are aware of this and delete such emails immediately!

_________________
Whedon: We will rule over this time slot, and we will call it... "This Time Slot".

Fox: I think we should call it... your grave!

Whedon: Ah, curse your sudden but inevitable betrayal!

Fox: Ha ha HA! Mine is an evil laugh...now die!

-- Rei
nlpshoping is nasty
Guest





Posted: Mon Oct 31, 2005 10:02 am

Looks like this guy used a buffer overrun in hhctrl to compromise one of our (unpatched) PCs. Here's the relevant entry from the application event log. Our user got the same email and unfortunately visited the website.

20/10/2005 14:28:58 HHCTRL Information None 1900 N/A COMPUTER The description for Event ID ( 1900 ) in Source ( HHCTRL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: This operation can only function within HTML Help., hXXp://nlpshoping.com/huindex.html, http://go.microsoft.com/fwlink?LinkID=45833.
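A defender's check built on the event log entry quoted in the post above, as an added example that is not part of the original thread: it scans a flat Application log export for HHCTRL event 1900 entries whose event data names a URL outside an allowlist. The field layout is taken from the quoted entry; the `TRUSTED_HOSTS` allowlist, the function names and the second and third sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts expected in HTML Help event data (assumption; extend for your estate).
TRUSTED_HOSTS = {"go.microsoft.com"}
# Layout in the post: date time source type category event-id user computer text
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<source>\S+) (?P<type>\S+) (?P<category>\S+) (?P<event_id>\d+) "
    r"(?P<user>\S+) (?P<computer>\S+) (?P<description>.*)$"
)
# Matches live and defanged (hXXp) URLs.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://[^\s,]+", re.IGNORECASE)

# First line is the entry from the post (description shortened);
# the other two are constructed for this example.
SAMPLE_LOG = [
    "20/10/2005 14:28:58 HHCTRL Information None 1900 N/A COMPUTER The following "
    "information is part of the event: This operation can only function within "
    "HTML Help., hXXp://nlpshoping.com/huindex.html, "
    "http://go.microsoft.com/fwlink?LinkID=45833.",
    "21/10/2005 09:02:11 HHCTRL Information None 1900 N/A WS-EXAMPLE This operation "
    "can only function within HTML Help., http://go.microsoft.com/fwlink?LinkID=45833.",
    "21/10/2005 09:05:40 MsiInstaller Information None 11707 N/A WS-EXAMPLE "
    "Product installed, log at http://downloads.example.test/setup.log",
]

def untrusted_help_urls(line):
    """Return (timestamp, computer, urls) for a flagged HHCTRL 1900 entry, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["source"].upper() != "HHCTRL" or m["event_id"] != "1900":
        return None
    hits = []
    for raw in URL_RE.findall(m["description"]):
        url = raw.rstrip(".,;")  # drop sentence punctuation
        host = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or ""
        if host not in TRUSTED_HOSTS:
            hits.append(url)  # keep the original (defanged) spelling
    return (f"{m['date']} {m['time']}", m["computer"], hits) if hits else None

def scan(lines):
    """Return one finding per log line that needs a look."""
    return [hit for hit in map(untrusted_help_urls, lines) if hit]

if __name__ == "__main__":
    for when, computer, urls in scan(SAMPLE_LOG):
        print(f"{when} {computer}: HTML Help referenced {', '.join(urls)}")
```

Findings identify the machine and time to correlate with proxy or mail logs for the same user.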
NightSpirit
Site Admin


Joined: 26 Nov 2002
Posts: 2955
Location: Enfield, London, UK

Posted: Mon Oct 31, 2005 12:56 pm

Thanks for the update, the MS link doesn't seem to be valid tho. I assume that it's related to one or both of the IE/ActiveX flaws discussed at http://www.cert.org/advisories/CA-2000-12.html and http://support.microsoft.com/?kbid=323255?


Last edited on Mon Oct 31, 2005 1:00 pm; edited 1 time in total
All times are BST