Re: "Nigerian" SPAM uses vulnerability in web applications?

[leighm () linuxbandwagon com]

What web app do you suspect is allowing this to happen?

You do know about the recent PHP/pear remote XMLRPC vulnerability?

leigh


Quoting "Ed J. Aivazian" <stealth () arminco com>:

> Hello list,
>
> Today I received several spam reports and I guess they are sent
> through compromised web application of one of our customers.
> The fact is I can't figure out anything from the message headers, also
> from X-abuse headers except the exact time and my IP address.
> There is no strange traffic/cpu activity at that time and I don't find
> any "strange-looking" records in apache access and error logs.
> The email message contains the following text:
> ---------------------------------------------
> > From Engineer George Ogbedi
> Nigerian National Petroleum Corporation, (NNPC),
> P.o. Box 256 wuse2 Abuja,
> Nigerian
>
>
> Attn: Please
>
> I am Engr. George Ogbedi, The Director of the Contractors Award and
> Review
> Department with the Nigerian national Petroleum Corporation (NNPC). I
> am
> contacting you on this business of transferring the sum of
> US$23,615,000.00
> (Twenty-three million, six hundred and fifteen thousand United Stated
> Dollars only) into a safe foreign account and the need is very urgent.
> I got
> your contact from the internet when i was searching for honest person
> who
> will assist me to receive the money into your bank account and it is
> with
> business trust that made me to contact you on this matter. I write to
> solicit for the transfer of this money into your account.
>
> This money was generated from an over invoiced contract sum in my
> corporation (NNPC).
> I am contacting you for your help and partnership for the following
> two
> reasons:
> 1. As a civil servant, I am not permitted to own foreign accounts due
> to
> civil service code of conduct.
> 2. My present financial resources as a civil servant will not be
> sufficient
> for me to handle the transfer alone successfully without financial
> assistance from a reliable foreign partner abroad. 20% of this sum
> would be
> for you as compensation for using your Bank account in transferring
> this
> money, 5% would be used to reimburse the expenses made by both parties
> during the processing of the transferring which include, telephone
> bills,
> traveling expenses and fees. While 75% is for me.
>
> Please note that I will arrange to meet with you immediately after the
> successful conclusion of the transfer, the 75% share of mine will be
> used
> for investment overseas. Your assistance and co-operation is highly
> needed.
> I assure you that this transaction is 100% risk free. If you are
> interested
> I will require your banking information as
> mentioned below:
>
> 1. Name to be used as beneficiary
> 2. Your private and confidential telephone/fax number(s).
> 3. Your bank name and address, your bank telephone and fax number(s).
> 4. Or if you are not comfortable with providing your existing account,
> you
> can within the shortest possible time, confidentially open an entirely
> new
> (Virgin) account for the transaction. I would prefer this arrangement.
> I
> hope to conclude this business within the next fourteen (14) working
> days.
> Looking forward to your anticipated and urgent positive response via
> this
> e-mail box.
>
> Regards
> Eng George Ogbedi.
>
> ----------------------------------------------
> Does anyone have any experience of dealing with this matter, or any
> ideas that can help me to resolve the situation?
> Any kind of help is appreciated!
> Thanks!
>
>
>
> --
> Best regards,
> Ed



--
What happened to Java version 2, 3 & 4? Why is Java 1.41 called Java2? What
version is JRE 5? what happened to them? Where did they go? Why do i download
Java1.x when im looking for Java2.0 ?

And those java fellas reckon the PHP fellas are disorganised!

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Attachment: _bin
Description: PGP Public Key