[citibank] Security Alert on Microsoft Internet Explorer



doka
22.10.2004, 18:52
From - Fri Oct 22 xx:xx:xx 2004
X-UIDL: [UID filtered]
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <support [at] citibank.com>
Received: from 172.19.20.6 (helo=mxng11.kundenserver.de)
by mqueue.kundenserver.de with ESMTP (Nemesis),
ID: [ID filtered]
Received: from [66.200.154.67] (helo=66-200-154-67.client.dsl.net)
by mxng11.kundenserver.de with smtp (Exim 3.35 #1)
ID: [ID filtered]
for #MeinAccount#; Fri, 22 Oct 2004 xx:xx:xx +0200
X-Message-Info: 4LLii2807i651MPsxCR7tf819vhvKOWsNGHyeuWHcb42x
Received: from misty.com ([155.8.223.83]) by dd4-fk802.misty.com with Microsoft SMTPSVC(5.3.7728.2637);
Fri, 22 Oct 2004 xx:xx:xx -0300
Received: from misty.com (misty.com [111.247.91.0])
by misty.com (8.12.10/8.12.9) with ESMTP ID: [ID filtered]
for #MeinAccount#; Fri, 22 Oct 2004 xx:xx:xx +0300 (EST)
(envelope-from support#citibank*com)
Received: from PQ84096 (modemcable6.9-09.wz.misty.com [231.216.56.241])
(authenticated bits=1)
by misty.com (8.12.10/8.12.9) with ESMTP ID: [ID filtered]
for #MeinAccount#; Fri, 22 Oct 2004 xx:xx:xx -0600 (EST)
(envelope-from support#citibank*com)
Message-ID: [ID filtered]
From: "Citibank" <support#citibank*com>
To: <Info>
Subject: Security Alert on Microsoft Internet Explorer
Date: Fri, 22 Oct 2004 xx:xx:xx -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--00565499317872809"
Envelope-To: #MeinAccount#
X-SpamScore: 0.345
tests= TO_MALFORMED




----00565499317872809
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
<table border="0" cellpadding="0" cellspacing="0" width="600">
<tr>
<td width="600" colspan="2"><a href=http://www.citibank.com/domain/images/citi44a.gif</a>" width="61" height="38" border="0" alt=""></td>
</tr>
<tr>
<td width="10"><SPACER height="1" width="10"
type="block"></td>
<td width="590">
<font color="#000066" face="Arial">



<font color="#000066" face="Arial">Dear Citibank Customer,

<font color="#000000" face="Arial">
At Citibank, we take security very seriously. As many customers already know, Microsoft Internet Explorer has significant `holes` or vulnerabilities that virus creators can easily take advantage of.

At Citibank, we maintain your personal information and data according to strict standards of security and confidentiality as described in the Terms and Conditions that govern your use of this site. Online access to your account portfolio is only possible through a secure web browser.

In order to further protect your account, we have introduced some new important security standards and browser requirements. Citibank security systems require that your computer system is compatible with our new standards.

This security update will be effective immediately. Please http://61.129.85.244/sys/ (<a href=)">sign on</a> to Citibank Online in order to verify security update installation. Failure to do so may result in your account being compromised.



Citibank Online

<br>
</td>

</tr>
<tr>
<td width="600" colspan="2" bgcolor="#000060"><SPACER height="1" width="600"
type="block"></td>
</tr>
<tr>
<td width="600" colspan="2" align="right"><font color="#777777" face="Arial" size="1">Copyright &copy; 2004 Citicorp</font></td>
</tr>
</table>
----00565499317872809--

</font>
What is interesting is the redirect of the address http://61.129.85.244/sys/ to
http://web.da-us.citibank.com%01 [at] 61.129.85.244/sys/index4.html
Opera at least warns, asking whether you really want to go to the address with a user name.
After entering the user name and password (the verification takes quite a long time ;-)
a request appears asking you to confirm the entries with ATM/debit card and PIN.
That is at:
http://web.da-us.citibank.com%01 [at] 61.129.85.244/sys/main.php?user=&pass= (http://web.da-us.citibank.com)
Great, so user and pass are encoded in the URL.
Regards,
DoKa
(who is now going back to writing his random JavaScript.)

DocSnyder
22.10.2004, 21:59
/http.*%01/
A good trick by the phishers, but unfortunately there is not a single legitimate mail with ASCII 0x01 in the link, which is why you can safely hard-filter on it.
/.
DocSnyder.
--
Eat, spammer, eat: http://docsnyder.de/spl/forum/
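
The filter idea from the post above, as an added example that is not code from the thread: instead of matching `%01` anywhere in a link, it parses each URL in a mail body and flags percent-encoded control characters in the part before the `@`, which generalizes the `%01` case to `%00`-`%1F` and `%7F`, plus a user part that imitates a host name. The function names, reason labels and the sample body (documentation host names and addresses) are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# URLs in plain text or inside href="..."; stop at whitespace, quotes, angle brackets.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
# Percent-encoded control characters: %00-%1F and %7F (the thread's case is %01).
CTRL_RE = re.compile(r"%(?:[01][0-9a-f]|7f)", re.IGNORECASE)
HOSTNAME_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample body; hosts and addresses are documentation placeholders.
SAMPLE_BODY = """\
Please <a href="http://www.bank.example%01@192.0.2.10/sys/index4.html">sign on</a>.
Statement: https://www.bank.example/statements?id=%31%30
Backup login: http://backup:secret@files.example.net/
"""


def split_authority(url):
    """Return (userinfo, host) of an http(s) URL. IPv6 literals are not handled."""
    authority = re.split(r"[/?#]", url.split("://", 1)[1], maxsplit=1)[0]
    userinfo, _, hostport = authority.rpartition("@")
    return userinfo, hostport.split(":", 1)[0].lower()


def check_url(url):
    """List the reasons a URL looks like it hides its real host behind userinfo."""
    userinfo, host = split_authority(url)
    reasons = []
    if CTRL_RE.search(userinfo):
        reasons.append("control-char-in-userinfo")
    # Decode the user part and drop control bytes to get the name it imitates.
    shown = re.sub(r"[\x00-\x1f\x7f]", "", unquote(userinfo).split(":", 1)[0]).lower()
    if HOSTNAME_RE.fullmatch(shown) and shown != host:
        reasons.append("hostname-in-userinfo")
    if userinfo and IPV4_RE.fullmatch(host):
        reasons.append("userinfo-before-ip-literal")
    return reasons


def scan_body(body):
    """Map every suspicious URL found in a mail body to its list of reasons."""
    hits = {url: check_url(url) for url in URL_RE.findall(body)}
    return {url: reasons for url, reasons in hits.items() if reasons}


if __name__ == "__main__":
    for url, reasons in scan_body(SAMPLE_BODY).items():
        print(url, reasons)
```

A link with ordinary credentials in front of a named host, like the third sample line, is not flagged; only the disguised one is.
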

pewe222
25.10.2004, 00:47
Same here, of course:
Received: from [217.172.241.50] (helo=host-217-172-241-50.gdynia.mm.pl)
by mx21.web.de with smtp (WEB.DE 4.102 #165)
ID: [ID filtered]
X-Message-Info: 3feyja9jmT/qHwPCLkfIOtmpRU250YLxu
Received: from FG43KT09 ([10.2.202.25]) by VH70.banjo.bigpond.com with Microsoft SMTPSVC(5.0.2195.6713);
Sat, 23 Oct 2004 xx:xx:xx +0100
From: <support [at] citibank.com>
To: <poor [at] spamvictim.tld>
Subject: Security Alert on Microsoft Internet Explorer
Date: Sat, 23 Oct 2004 xx:xx:xx -0100
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--17026379534555187"
X-Mailer: Microsoft CDO for Windows 2000
Thread-Index: [filtered]
Content-Class: xc:content-classes:message
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Virus-Status: Scanned by norton
Sender: support [at] citibank.com