On Wed, 02 May 2012 14:35:47 -0500, Li'l Abner wrote:
> "Ant" <not@home.today> wrote in
> news:2JadnWezCv8m_DzSnZ2dnUVZ8iKdnZ2d@brightview.co.uk:
>
>> "Virus Guy" wrote:
>>
>>> If you try this first, I think you'll find it will work without having
>>> the actual alpha-numeric code:
>>>
>>> hxxp://12345678.cw9.me/dd_****@off.com/12345678_ViewMsg
>>
>> Yes, that worked. I used example.com and got:
>>
>> src="http://j.maxmind.com/app/geoip.js"
>> top.location.href = '/redir_main.php?to=some@example.com&cty=' +
>> geoip_country_name();
>>
>> Redirected to:
>>
>> ww15.buwna.com/video_c29tZUBleGFtcGxlLmNvbQ==
>>
>> The string c29tZUBleGFtcGxlLmNvbQ== is some@example.com base64 encoded.
>> Like you, I got a fake Login Live page. Although in English,
>> some of the internal html text was Portuguese or Spanish (I can't tell
>> the difference), e.g:
>>
>> meta content="El nuevo Hotmail ya está aquí. Es un sistema...
>>
>>> By social engineering - you mean my friend might have encountered a
>>> fake hotmail login screen at some point in the past?
>>
>> Exactly; just like the page we're seeing here! Pretty much all the
>> content is from live.com but when you press "sign in" the thief gets
>> your account details. It's also tied to your email address by the b64
>> encoded string.
>
> I bit on something like that a couple of days ago, but it had something
> to do with a Facebook page. Then a Facebook login page popped up and
> Firefox automatically filled in my login credentials. I clicked "Login"
> and the screen went away. But Facebook never showed up.
> The more I thought about it, the fishier it looked.
> So I immediately logged into Facebook and changed my password.
> As much as I preach to my customers about being careful what you click
> on, I couldn't believe that I did it myself!
What's Facebook?
LOL.
--
"Any man's death diminishes me, because I am involved
in mankind, and therefore never send to know for whom
the bell tolls; it tolls for thee".
-John Donne (1572-1631)
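
The quoted analysis above notes that the phishing URL carries the recipient's address as a base64 string in its path. The following is an added example, not part of the original thread, of how a defender could flag such URLs in proxy or mail-gateway logs. The host names are constructed placeholders; the path token is the one quoted in the thread.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Runs of standard-alphabet base64 characters. '/', '_' and '-' are treated as
# URL delimiters, which matches the "video_<token>" shape quoted in the thread.
TOKEN_RE = re.compile(r"[A-Za-z0-9+]{8,}={0,2}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample URLs (hosts are placeholders, not real indicators).
SAMPLE_URLS = [
    "http://landing.example/video_c29tZUBleGFtcGxlLmNvbQ==",       # token from the thread
    "http://landing.example/video_c29tZUBleGFtcGxlLmNvbQ%3D%3D",   # padding percent-encoded
    "http://landing.example/video_c29tZUBleGFtcGxlLmNvbQ",         # padding stripped
    "https://shop.example/products/downloads?page=2",              # benign
]


def decode_token(token):
    """Return the decoded text of a base64 token, or None if it is not printable ASCII."""
    stripped = token.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)  # tolerate stripped padding
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def emails_in_url(url):
    """List e-mail addresses that appear base64-encoded inside a URL."""
    found = []
    for token in TOKEN_RE.findall(unquote(url)):
        text = decode_token(token)
        if text and EMAIL_RE.fullmatch(text):
            found.append(text)
    return found


def flag_urls(urls):
    """Map each URL that embeds an encoded address to the addresses recovered."""
    return {u: hits for u in urls if (hits := emails_in_url(u))}


if __name__ == "__main__":
    for url, hits in flag_urls(SAMPLE_URLS).items():
        print(url, "->", ", ".join(hits))
```

A hit means the link was personalised for one recipient, so the recovered address tells the responder whose credentials to treat as exposed.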

