46520). SunTrust Banks, Inc. - PSS.Phishing.suntrust.com-46520 (Awaiting official AV Signature).

This email targets customers of SunTrust Banks, Inc.

Message Details

Malware Name: PSS.Phishing.suntrust.com-46520 (Awaiting official AV Signature).
Origin: Peru
Date first seen: 11/07/2007 02:51:14
From: "SunTrust Bank" <clientserviceteam.refQ4818188249.nf@suntrust.com>
Subject: Confirm Your Online Account Details! (message id: 1734717316328)

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could be either the fake website used in the attack or a site that redirects to the attacker's fake site. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of each site: whether it is still reachable or has been shut down. A site that has not been confirmed as a phishing site is marked with its own symbol. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attacker's site as it may contain malware.

Status | First observed | Shut Down | Internet Address | URL
http://onlinetreasurymanager-id74923205.suntrust.com.jtmode.jp/ibswebsuntrust/cmserver/customer.cfm
http://onlinetreasurymanager-id74923205.suntrust.com/ibswebsuntrust/cmserver/customer.cfm

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.

Message Display
How the message body looks in an email client.

   Dear SunTrust Bank customer,

   SunTrust  Client Service Team requests you to complete Online Treasury
   Customer Form.

   This procedure is obligatory for all business and corporate clients of
   SunTrust Bank.

   Please click hyperlink below to access Online Treasury Customer Form.

   [1]http://onlinetreasurymanager-id74923205.suntrust.com/ibswebsuntrust/cmserver/customer.cfm

   Thank you for choosing SunTrust Bank for your business needs.

   Please do not respond to this email.

   This mail generated by an automated service.

References

   1. http://onlinetreasurymanager-id74923205.suntrust.com.jtmode.jp/ibswebsuntrust/cmserver/customer.cfm