116). VISA - HTML.Phishing.Card-30

This email targets customers of VISA.

Message Details

Malware Name:HTML.Phishing.Card-30
Origin: United States
Date first seen:15/07/2006 11:46:58
From:"VISA"<security@VISA.com>
Subject:Check the status of your account

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of the site: if it is still reachable (), or if it has been shut down (). If the site has not been confirmed as a phishing site it is shown with the symbol . The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the symbol.

StatusFirst observedShut DownInternet AddressURL
15/07/2006 11:50:16 15/07/2006 11:50:16 United States 216.239.59.147 http://www.google.pt/url   
15/07/2006 11:50:17 15/07/2006 11:50:17 Korea, Republic of 58.72.189.133 http://58.72.189.133:84/visa/update.html   

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.

Message Display
Enlarge
How the message body looks in an email client.

    Verified by VISA Security Measures.
    Dear VISA Member, 
    Your credit card must be a part of our routine security measures. This is a
    must to ensure that only you have access and use of your VISA credit card
    and to ensure a safe VISA experience. We require that you verify your
    information on file with us. To verify your information at this time,
    please visit our secure server webform by clicking the link below:
    [1]http://www.usa.visa.com/personal/using_visa/account_safety.html?it=gb|/|
    SAFE
    If you choose to ignore our request, you leave us no choice but to
    temporarily suspend your credit card and we or the bank wont be responsable
    for the money that you will lose.
    Thank you for your patience as we work together to protect your account.

    Thank you using VISA Credit Card!

References

   1. http://www.google.pt/url?sa=U&start=4&q=http://58.72.189.133:84/visa/update.html

Functions

Advice