[LINK] Fwd: Security Server Update
Peter Batchelor
peter at batchelors.net
Fri Apr 11 08:57:29 EST 2003
Looks like the bank scam is still going (well, a bank scam that isn't being run
by a bank) ...
If you type in the address shown (www.anz.com) you see the real ANZ
website. If you look at the source in the message you see the following:
"To log into your account, please visit the ANZ website at <a
href="http://64.46.114.91/">https://www.anz.com/</a>"
I remember reading a few years ago about an exploit similar to this that
could be used within Eudora, at a time when Eudora users were feeling very
pleased that "their" email wasn't being subjected to the same sorts of
trouble that Outlook was. It went something along the lines of this: a small
piece of malicious code could be emailed to someone as an attachment. In a
subsequent email a link to the file could be masked with a real URL - based
on the assumption that most people would use the standard install for
Eudora, and so the attachments would be stored in a known location on their
C drive. Scanning the new email wouldn't show any problems, and "hey - it
couldn't be a problem because there wasn't an attachment, right?" Clicking
on the link would cause the earlier piece of code to be executed.
Reminiscences aside, how easy is it for the ANZ, or another organisation
that this might happen to, to get this site taken down? I'm betting that it
isn't being hosted in Australia... an IPWHOIS lookup says that the IP is
allocated to 3DWizards, in Florida, USA.
Given that ANZ's site is copyright (the copyright notice is retained on the
copy of the pages), would it be easier to get overseas authorities to act
because of the fraud aspect of the site, or because of the copyright
issues? That is, how many countries do we have arrangements with that would
allow this site to be taken down because of the intent to defraud ANZ
customers, as opposed to the obligations of the 96 or so signatories of the
Berne Convention?
Just a few thoughts and questions....
Cheers, Peter
>Subject: Security Server Update
>From: www.anzbank.com <newzs at anzbank.com>
>To: PETERBAT <peterbat at vic.bigpond.net.au>
>X-Mailer: Pegasus Mail for Win32 (v2.53/R1)
>Date: Thu, 10 Apr 2003 21:17:07
>
>Dear Valued Customer,
>
>- Our new security system will help you to avoid
> frequently fraud transactions and to keep your
> investments in safety.
>
>- Due to technical update we recommend you to
> reactivate your account.
>
>Click on the link below to login and begin using
>your updated ANZ account.
>
>To log into your account, please visit the ANZ
>website at <http://64.46.114.91/>https://www.anz.com/
>
>To review your statement, log into your ANZ
>account and click the eStatements & eNotices button
>in the left navigation of your Account Summary page.
>Your new statement is listed in the left navigation
>of the page.
>
>If you have questions about your online statement,
>please send us a Bank Mail or call us at
>1-888-BKONWEB (256-6932).
>
>We appreciate your business. It's truly our
>pleasure to serve you.
>
>ANZ Customer Care
>
>This email is for notification only. To contact us,
>please log into your account and send a Bank Mail.