WebApp Sec mailing list archives

Re: "Nigerian" SPAM uses vulnerability in web applications?


From: "Ed J. Aivazian" <stealth () arminco com>
Date: Wed, 13 Jul 2005 13:22:18 +0500

Hello List,
The vulnerability has been found in phpNuke
/modules/WebMail/libmail.php
Looks like all Nigerian spam is sent using the default automated
account registration.


Tuesday, July 12, 2005, 3:39:04 PM, you wrote:

EJA> Hello list,

EJA> Today I received several spam reports and I guess they are sent
EJA> through compromised web application of one of our customers.
EJA> The fact is I can't figure out anything from the message headers, also
EJA> from X-abuse headers except the exact time and my IP address.
EJA> There is no strange traffic/cpu activity at that time and I don't find
EJA> any "strange-looking" records in apache access and error logs.
EJA> The email message contains the following text:
EJA> ---------------------------------------------
EJA>  From Engineer George Ogbedi
EJA>  Nigerian National Petroleum Corporation, (NNPC),
EJA>  P.o. Box 256 wuse2 Abuja,
EJA>  Nigerian
EJA>
EJA>  Attn: Please
EJA>
EJA>  I am Engr. George Ogbedi, The Director of the Contractors Award and
EJA>  Review Department with the Nigerian national Petroleum Corporation
EJA>  (NNPC). I am contacting you on this business of transferring the
EJA>  sum of US$23,615,000.00 (Twenty-three million, six hundred and
EJA>  fifteen thousand United Stated Dollars only) into a safe foreign
EJA>  account and the need is very urgent. I got your contact from the
EJA>  internet when i was searching for honest person who will assist me
EJA>  to receive the money into your bank account and it is with business
EJA>  trust that made me to contact you on this matter. I write to
EJA>  solicit for the transfer of this money into your account.
EJA>
EJA>  This money was generated from an over invoiced contract sum in my
EJA>  corporation (NNPC).
EJA>  I am contacting you for your help and partnership for the following
EJA>  two reasons:
EJA>  1. As a civil servant, I am not permitted to own foreign accounts
EJA>  due to civil service code of conduct.
EJA>  2. My present financial resources as a civil servant will not be
EJA>  sufficient for me to handle the transfer alone successfully without
EJA>  financial assistance from a reliable foreign partner abroad. 20% of
EJA>  this sum would be for you as compensation for using your Bank
EJA>  account in transferring this money, 5% would be used to reimburse
EJA>  the expenses made by both parties during the processing of the
EJA>  transferring which include, telephone bills, traveling expenses and
EJA>  fees. While 75% is for me.
EJA>
EJA>  Please note that I will arrange to meet with you immediately after
EJA>  the successful conclusion of the transfer, the 75% share of mine
EJA>  will be used for investment overseas. Your assistance and
EJA>  co-operation is highly needed.
EJA>  I assure you that this transaction is 100% risk free. If you are
EJA>  interested I will require your banking information as mentioned
EJA>  below:
EJA>
EJA>  1. Name to be used as beneficiary
EJA>  2. Your private and confidential telephone/fax number(s).
EJA>  3. Your bank name and address, your bank telephone and fax
EJA>  number(s).
EJA>  4. Or if you are not comfortable with providing your existing
EJA>  account, you can within the shortest possible time, confidentially
EJA>  open an entirely new (Virgin) account for the transaction. I would
EJA>  prefer this arrangement.
EJA>  I hope to conclude this business within the next fourteen (14)
EJA>  working days.
EJA>  Looking forward to your anticipated and urgent positive response
EJA>  via this e-mail box.
EJA>
EJA>  Regards
EJA>  Eng George Ogbedi.
EJA>
EJA> ----------------------------------------------
EJA> Does anyone have any experience of dealing with this matter, or any
EJA> ideas that can help me to resolve the situation?
EJA> Any kind of help is appreciated!
EJA> Thanks!
 
  




-- 
Best regards,
 Ed                            mailto:stealth () arminco com

