WebApp Sec mailing list archives
Re: "Nigerian" SPAM uses vulnerability in web applications?
From: leighm () linuxbandwagon com
Date: Wed, 13 Jul 2005 12:26:43 +1000
What web app do you suspect is allowing this to happen? You do know about the recent PHP/pear remote XMLRPC vulnerability? leigh Quoting "Ed J. Aivazian" <stealth () arminco com>:
Hello list, Today I received several spam reports and I guess they are sent through compromised web application of one of our customers. The fact is I can't figure out anything from the message headers, also from X-abuse headers except the exact time and my IP address. There is no strange traffic/cpu activity at that time and I don't find any "strange-looking" records in apache access and error logs. The email message contains the following text: ---------------------------------------------From Engineer George OgbediNigerian National Petroleum Corporation, (NNPC), P.o. Box 256 wuse2 Abuja, Nigerian Attn: Please I am Engr. George Ogbedi, The Director of the Contractors Award and Review Department with the Nigerian national Petroleum Corporation (NNPC). I am contacting you on this business of transferring the sum of US$23,615,000.00 (Twenty-three million, six hundred and fifteen thousand United Stated Dollars only) into a safe foreign account and the need is very urgent. I got your contact from the internet when i was searching for honest person who will assist me to receive the money into your bank account and it is with business trust that made me to contact you on this matter. I write to solicit for the transfer of this money into your account. This money was generated from an over invoiced contract sum in my corporation (NNPC). I am contacting you for your help and partnership for the following two reasons: 1. As a civil servant, I am not permitted to own foreign accounts due to civil service code of conduct. 2. My present financial resources as a civil servant will not be sufficient for me to handle the transfer alone successfully without financial assistance from a reliable foreign partner abroad. 20% of this sum would be for you as compensation for using your Bank account in transferring this money, 5% would be used to reimburse the expenses made by both parties during the processing of the transferring which include, telephone bills, traveling expenses and fees. While 75% is for me. Please note that I will arrange to meet with you immediately after the successful conclusion of the transfer, the 75% share of mine will be used for investment overseas. Your assistance and co-operation is highly needed. I assure you that this transaction is 100% risk free. If you are interested I will require your banking information as mentioned below: 1. Name to be used as beneficiary 2. Your private and confidential telephone/fax number(s). 3. Your bank name and address, your bank telephone and fax number(s). 4. Or if you are not comfortable with providing your existing account, you can within the shortest possible time, confidentially open an entirely new (Virgin) account for the transaction. I would prefer this arrangement. I hope to conclude this business within the next fourteen (14) working days. Looking forward to your anticipated and urgent positive response via this e-mail box. Regards Eng George Ogbedi. ---------------------------------------------- Does anyone have any experience of dealing with this matter, or any ideas that can help me to resolve the situation? Any kind of help is appreciated! Thanks! -- Best regards, Ed
-- What happened to Java version 2, 3 & 4? Why is Java 1.41 called Java2? What version is JRE 5? what happened to them? Where did they go? Why do i download Java1.x when im looking for Java2.0 ? And those java fellas reckon the PHP fellas are disorganised! ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Attachment:
_bin
Description: PGP Public Key
Current thread:
- "Nigerian" SPAM uses vulnerability in web applications? Ed J. Aivazian (Jul 12)
- Re: "Nigerian" SPAM uses vulnerability in web applications? Saqib Ali (Jul 13)
- Re: "Nigerian" SPAM uses vulnerability in web applications? leighm (Jul 13)
- Re: "Nigerian" SPAM uses vulnerability in web applications? Ed J. Aivazian (Jul 13)