46446). National City Bank - PSS.Phishing.nationalcity.com-46446 (Awaiting official AV Signature).

This email targets customers of National City Bank.

Message Details

Malware Name: PSS.Phishing.nationalcity.com-46446 (Awaiting official AV Signature).
Origin: Italy
Date first seen: 10/07/2007 20:11:06
From: "National City" <cservice.refX804445951F.cm@nationalcity.com>
Subject: National City corporate customer service: alert - online client form released! (message id: 43815908547)

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could be either the fake website of the attack or a site which redirects to the attacker's fake site. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of each site: whether it is still reachable, has been shut down, or has not yet been confirmed as a phishing site. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attacker's site as it may contain malware.

Status | First observed | Shut Down | Internet Address | URL
http://session-5436163379.nationalcity.com.dll.hk/corporate/onlineservices/TreasuryMgmt/
http://session-5436163379.nationalcity.com/corporate/onlineservices/TreasuryMgmt/

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.

Message Display
How the message body looks in an email client.

   Dear National City customer,

   National City Corporate Customer Service requests you to complete Treasury
   Management Services Online Confirmation Form.

   This procedure is obligatory for all business and corporate clients of
   National City.

   Please select the hyperlink and visit the address listed to access Treasury
   Management Services Online Confirmation Form.

   [1]http://session-5436163379.nationalcity.com/corporate/onlineservices/TreasuryMgmt/

   Again, thank you for choosing National City for your business needs. We look
   forward to working with you.

   Please do not respond to this email.

   Replies to this mail are not read by National City Corporate Customer
   Service or technical support.

   -----------------------------------------------------------------------------------

References

   1. http://session-5436163379.nationalcity.com.dll.hk/corporate/onlineservices/TreasuryMgmt/