WebApp Sec mailing list archives
Re: "Nigerian" SPAM uses vulnerability in web applications?
From: "Ed J. Aivazian" <stealth () arminco com>
Date: Wed, 13 Jul 2005 13:22:18 +0500
Hello List,

The vulnerability has been found in phpNuke /modules/WebMail/libmail.php.
Looks like all Nigerian spam is sent using the default automated account registration.

Tuesday, July 12, 2005, 3:39:04 PM, you wrote:

EJA> Hello list,

EJA> Today I received several spam reports and I guess they are sent
EJA> through compromised web application of one of our customers.

EJA> The fact is I can't figure out anything from the message headers, also
EJA> from X-abuse headers except the exact time and my IP address.

EJA> There is no strange traffic/cpu activity at that time and I don't find
EJA> any "strange-looking" records in apache access and error logs.

EJA> The email message contains the following text:

EJA> ---------------------------------------------
EJA> From Engineer George Ogbedi
EJA> Nigerian National Petroleum Corporation, (NNPC),
EJA> P.o. Box 256 wuse2 Abuja,
EJA> Nigerian

EJA> Attn: Please

EJA> I am Engr. George Ogbedi, The Director of the Contractors Award and Review
EJA> Department with the Nigerian national Petroleum Corporation (NNPC). I am
EJA> contacting you on this business of transferring the sum of US$23,615,000.00
EJA> (Twenty-three million, six hundred and fifteen thousand United Stated
EJA> Dollars only) into a safe foreign account and the need is very urgent. I got
EJA> your contact from the internet when i was searching for honest person who
EJA> will assist me to receive the money into your bank account and it is with
EJA> business trust that made me to contact you on this matter. I write to
EJA> solicit for the transfer of this money into your account.

EJA> This money was generated from an over invoiced contract sum in my
EJA> corporation (NNPC).

EJA> I am contacting you for your help and partnership for the following two
EJA> reasons:

EJA> 1. As a civil servant, I am not permitted to own foreign accounts due to
EJA> civil service code of conduct.

EJA> 2. My present financial resources as a civil servant will not be sufficient
EJA> for me to handle the transfer alone successfully without financial
EJA> assistance from a reliable foreign partner abroad. 20% of this sum would be
EJA> for you as compensation for using your Bank account in transferring this
EJA> money, 5% would be used to reimburse the expenses made by both parties
EJA> during the processing of the transferring which include, telephone bills,
EJA> traveling expenses and fees. While 75% is for me.

EJA> Please note that I will arrange to meet with you immediately after the
EJA> successful conclusion of the transfer, the 75% share of mine will be used
EJA> for investment overseas. Your assistance and co-operation is highly
EJA> needed.

EJA> I assure you that this transaction is 100% risk free. If you are interested
EJA> I will require your banking information as
EJA> mentioned below:

EJA> 1. Name to be used as beneficiary
EJA> 2. Your private and confidential telephone/fax number(s).
EJA> 3. Your bank name and address, your bank telephone and fax number(s).
EJA> 4. Or if you are not comfortable with providing your existing account, you
EJA> can within the shortest possible time, confidentially open an entirely new
EJA> (Virgin) account for the transaction. I would prefer this arrangement. I
EJA> hope to conclude this business within the next fourteen (14) working
EJA> days.

EJA> Looking forward to your anticipated and urgent positive response via this
EJA> e-mail box.

EJA> Regards
EJA> Eng George Ogbedi.
EJA> ----------------------------------------------

EJA> Does anyone have any experience of dealing with this matter, or any
EJA> ideas that can help me to resolve the situation?

EJA> Any kind of help is appreciated!

EJA> Thanks!

--
Best regards,
Ed
mailto:stealth () arminco com

Current thread:
- "Nigerian" SPAM uses vulnerability in web applications? Ed J. Aivazian (Jul 12)
- Re: "Nigerian" SPAM uses vulnerability in web applications? Saqib Ali (Jul 13)
- Re: "Nigerian" SPAM uses vulnerability in web applications? leighm (Jul 13)
- Re: "Nigerian" SPAM uses vulnerability in web applications? Ed J. Aivazian (Jul 13)