10849). zfree.co.nz - HTML.Phishing.Bank-678
This email targets customers of zfree.co.nz.
Message Details
| Malware Name: | HTML.Phishing.Bank-678 |
| Origin: |  Korea, Republic of |
| Date first seen: | 26/08/2006 17:20:55 |
| Number seen: | 11 |
| Date last seen: | 28/08/2006 07:31:25 |
| From: | brucie cathi <dunnyjo@zfree.co.nz> |
| Subject: | the work shows the workman |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
26/08/2006 12:36:24 | 26/08/2006 12:38:09 |  70.84.96.10 |
http://c-m-o.com/TWljaFlbCBTb3V0aHdhcmQ7NjAgRGVubWFyayBSYW9kLCBDb3R0ZW5oYW07Q2FtYnJpZGdlO0NCNCA4UVM7TWljaGFlbCBTb3V0aHdhcmQ7NjAgRGVubWFyayBSYW9kLCBDb3R0ZW5oYW07Q2FtYnJpZGdlO0NCNCA4UVM7/YmFyY25tMQ=3D=3D | |
|
26/08/2006 12:36:24 | 26/08/2006 12:38:09 | 70.84.96.10 |
http://c-m-o.com | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Dear Valued Customer We are committed to protecting you, with the latest technology to keep your details secure, and dedicated teams to monitor online activity and intercept any suspicious actions. And we do everything we can to protect our online customers, but the steps we take can be much more effective if you work with us to protect yourself. 25 August 2006 our security system detected an unsuccessfull access attempt to your online account from Ip address 82.190.253.29 that does not correspond to your current address. Please [1]click here to confirm your current address or change it online. If you do not confirm your address until 29 August 2006 your account will be SUSPENDED for security reasons and we will send you an Activation Code by post which you will need to renew your online banking service access. You will receive this within seven days if your current address is not confirmed. Yours sincerely Adrian Grace Security Department Barclays International Insurance Services Company Limited References 1. http://c-m-o.com/TWljaFlbCBTb3V0aHdhcmQ7NjAgRGVubWFyayBSYW9kLCBDb3R0ZW5oYW07Q2FtYnJpZGdlO0NCNCA4UVM7TWljaGFlbCBTb3V0aHdhcmQ7NjAgRGVubWFyayBSYW9kLCBDb3R0ZW5oYW07Q2FtYnJpZGdlO0NCNCA4UVM7/YmFyY25tMQ==|victim@phishery.internetdefence.net
Additional Examples