I got the standard new phish warning about phish. I've snipped some of the body. I'm posting this standard one, because it is EXTREMELY well done. The site:
http://dragon.centavision.co.kr/login/chase/index.htm
Seems to be very well copied. For some reason I can see a lot if users falling for this one. If anyone has Korean connections, please try getting this site shut down.
I also find it ironic that www.centavision.co.kr points to some intrusion detection system :)
*******************
Received: from localhost.localdomain ([220.90.217.164])
by moglobal.com (8.12.5/8.12.5) with ESMTP id k2FG4kjj016517
for <[EMAIL PROTECTED]>; Wed, 15 Mar 2006 11:04:47 -0500
Received: from localhost.localdomain (ns [127.0.0.1])
by localhost.localdomain (8.12.11/8.12.11) with ESMTP id k2FE2K3T016318
for <[EMAIL PROTECTED]>; Wed, 15 Mar 2006 23:02:20 +0900
Received: (from [EMAIL PROTECTED])
by localhost.localdomain (8.12.11/8.12.11/Submit) id k2FE2JCa016317
for [EMAIL PROTECTED]; Wed, 15 Mar 2006 23:02:19 +0900
Date: Wed, 15 Mar 2006 23:02:19 +0900
To: [EMAIL PROTECTED]
Subject: Chase Personal Banking - Important Notice
Message-ID: <[EMAIL PROTECTED]>
From: "JPMorgan Chase & Co "<[EMAIL PROTECTED]>
Content-Type: text/html
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by moglobal.com id k2FG5Ejj016530
(linked logo gif from chase bank's website)
Chase Personal Banking always look forward for the high security of our clients. Some customers have been receiving an email claiming to be from Chase Manhattan advising them to follow a link to what appear to be a Chase web site, where they are prompted to enter their personal Online Banking details.JPMorgan Chase & Co. is in no way involved with this email and the web site does not belong to us.
Chase Bank is proud to announce about their new updated secure system. We updated our new SSL servers to give our customers a better, fast and secure online banking service.
Due to the recent update of the servers, you are requested to please update your account info at the following link.
https://chaseonline.chase.com/chaseonline/reidentify/sso_reidentify.jsp?LOB=RBGLogon <http://dragon.centavision.co.kr/login/chase/index.htm?https//chaseonline.chase.com/chaseonline/ACCOUNTidentify/sso_reidentify.jsp?LOB=RBGLogon>
blah blah blah ect.....
**************************************
This was caught with a score of 7.4 so my users never saw it. Again, I'm just posting with the hope that we can
1) Warn users about this. Repeatedly ;)
2) Get the site shutdown.
Chris Santerre
SysAdmin and SARE/URIBL ninja
http://www.uribl.com
http://www.rulesemporium.com
