Full Disclosure mailing list archives
RE: visa XSS?
From: <lists () computersecurityonline com>
Date: Tue, 23 Dec 2003 12:18:32 -0000
Mauro, This is quite simply a fraud that is designed to get people to part with their authentication details via a fake website. This is all the rage in the fraud community at the moment and has targeted most of the major online banking sites at some time or the other. Most people don't realise that they are being directed to 64.21.80.2 because the URL starts with www.visa.com. It is just a confidence trick on an internet scale. Have a look at the following for some more details : http://support.microsoft.com/?id=833786 Merry Christmas, Simon -- Simon Biles /// computer security online ltd.
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Mauro Flores Sent: 23 December 2003 11:45 To: full-disclosure () lists netsys com Subject: [Full-disclosure] visa XSS? I receive this mail today, the funny stuff is that when you click on the link, you execute: http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&
useroption=SecurityUpdate&StateLevel=GetFrom@> 64.21.80.2/~gotier/verified_by_visa.htm
I don't have a Visa card and I don't like that 64.21.80.2 which is not a Visa IP, AFAIK. Anyone else receive it?? regards, Mauro Flores On Tue, 2003-12-23 at 08:29, Mauro Flores wrote:-----Forwarded Message----- From: Visa International Service <security () visa-security com> Subject: Visa Security Update Date: 23 Dec 2003 05:24:34 -0600 [image] Dear Customer, Our latest security system will help you to avoid possiblefraud actionsand keep your investments in safety. Due to technical security update you have to reactivateyour accountClick on the link below to login to your updated Visa account. To log into your account, please visit the Visa Website at http://www.visa.com We respect your time and business. It's our pleasure to serve you. Please don't reply to this email. This e-mail wasgenerated by a mailhandling system. [image] Copyright 1996-2003, Visa International ServiceAssociation. All rightsreserved._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -- Virus scanned by edNET.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- visa XSS? Mauro Flores (Dec 23)
- Re: visa XSS? Mauro Flores (Dec 23)
- Re: visa XSS? jan . muenther (Dec 23)
- Re: visa XSS? Mauro Flores (Dec 23)
- Re: visa XSS? Adam Hunt (Dec 23)
- Re: visa XSS? jan . muenther (Dec 23)
- Re: visa XSS? Gary Flynn (Dec 23)
- RE: visa XSS? lists (Dec 23)
- Re: visa XSS? Oliver Gobin (Dec 23)
- Re: visa XSS? William Warren (Dec 23)
- <Possible follow-ups>
- RE: visa XSS? Knarr, Joshua (Dec 23)
- Re: visa XSS? jan . muenther (Dec 23)
- RE: visa XSS? Knarr, Joshua (Dec 23)
- Re: visa XSS? Scott Anderson (Dec 23)
- RE: visa XSS? Bill Royds (Dec 23)
- Re: visa XSS? Adam Hunt (Dec 23)
- RE: visa XSS? Brown, James (Jim) (Dec 23)
- Re: visa XSS? Adam Hunt (Dec 23)
- Re: visa XSS? Mauro Flores (Dec 23)