(Moderators: feel free to wrap the long lines if you think it's necessary, I'm posting it as I received it) Hello bugtraq, The VISA scam rides again! === Cut === >From firstname.lastname@example.org Wed Dec 24 00:42:50 2003 Received: from 188.8.131.52 (AC991F46.ipt.aol.com [184.108.40.206]) by xxxx.xxxx.xxxx.xx (8.11.2/8.11.2) with SMTP id hBNNglx01132 for
;Wed, 24 Dec 2003 00:42:48 +0100 (MET) Message-Id: <200312232342.hBNNglx01132@xxxx.xxxx.xxxx.xx> Date: Tue, 23 Dec 2003 17:42:09 -0600 From: Visa International Service X-Mailer: Microsoft Outlook Express 6.00.2800.1158 Reply-To: Visa International Service Organization: Visa International Service X-Priority: 3 (Normal) To: email@example.com Subject: Visa Security Update Mime-Version: 1.0 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Status: RO X-Status: X-Keywords: X-UID: 1036 Secure with Visa
=== Cut === While the whole thing seems to be a really sorry attempt of someone who knows next to nothing about e-mail, looking at the URI the victim is supposed to go to suggests the scammer attempted (unsuccessfully, it appears - I couldn't check it because I don't use Windows, but there doesn't seem to be the 0x01 char anywhere) to exploit the Internet Explorer URL parsing vulnerability discovered not long ago, in order to obscure the real target host from superficial inspections that many users, especially of the kind that would believe such messages, never go beyond. AOL and iPowerWeb (where the scam site is located) have been notified. Cheers, -- MS
Our latest security system will help you to avoid possible fraud actions and
keep your investments in safety.
Due to technical security update you have to reactivate your account
Click on the link below to login to your updated Visa account.
To log into your account, please visit the Visa Website at
href="http://www.visa.com :UserSession=2f6q9uuu88312264trzzz55884495&usersoption=SecurityUpdate&StateLevel=GetFrom@220.127.116.11/~gotierco/verified_by_vis http://www.visa.coma.htm">http://www.visa.com
We respect your time and business.
It's our pleasure to serve you.
Please don't reply to this email. This e-mail was generated by a mail handling system.
Copyright 1996-2003, Visa International Service Association. All rights reserved.