47930). National City Bank - Email.Phishing.RB-1301
This email targets customers of National City Bank.
Message Details
| Malware Name: | Email.Phishing.RB-1301 |
| Origin: |  Poland |
| Date first seen: | 10/07/2007 16:40:38 |
| From: | "National City" <customerservice.refr45461773752e.cm@nationalcity.com> |
| Subject: | urgent security notification for client! |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://session-367809.nationalcity.com.mode.kg/corporate/onlineservices/TreasuryMgmt/ | ||||
|
http://session-367809.nationalcity.com/corporate/onlineservices/TreasuryMgmt/ |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Dear National City customer, National City Corporate Customer Service requests you to complete Treasury Management Services Online Confirmation Form. This procedure is obligatory for all business and corporate clients of National City. Please select the hyperlink and visit the address listed to access Treasury Management Services Online Confirmation Form. [1]http://session-367809.nationalcity.com/corporate/onlineservices/TreasuryM gmt/ Again, thank you for choosing National City for your business needs. We look forward to working with you. Please do not respond to this email. Replies to this mail are not read by National City Corporate Customer Service or technical support. =================================================================== 0x17, 0x67, 0x017, 0x040, 0x5, 0x6, 0x74373695, 0x4 WS61 create: 0x90, 0x2390, 0x0628, 0x5325, 0x2163 0x886, 0x4618, 0x501, 0x03, 0x98552264, 0x993, 0x80656055, 0x0, 0x35400699, 0x641, 0x2, 0x05189311, 0x2157, 0x8 0x084, 0x04437926, 0x89793195, 0x55, 0x9902, 0x3, 0x8737, 0x051, 0x992, 0x23318415, 0x5, 0x63, 0x9, 0x04 0x0, 0x3042 0x176, 0x314, 0x98656305 IDFM: 0x66353274, 0x4017, 0x87, 0x9 0x25899085, 0x585, 0x09, 0x7, 0x7970, 0x2853 L9JH: 0x30828789, 0x9, 0x1873, 0x811, 0x8787, 0x85, 0x8, 0x50, 0x5491, 0x11, 0x13, 0x5842, 0x965 X6DY: 0x13879802 rcs: 0x0013, 0x73, 0x7852, 0x20, 0x596, 0x55, 0x11734376, 0x3, 0x0, 0x0819, 0x85, 0x840, 0x896 tmp exe serv. 0x858, 0x14, 0x3854, 0x495, 0x49, 0x0, 0x55066379, 0x070, 0x43, 0x9 0x70909473, 0x72, 0x1769, 0x54006478 AFBN. 0x983, 0x5363, 0x21921008, 0x837, 0x697, 0x6, 0x9, 0x63 7MYM: 0x1076, 0x094, 0x41223841, 0x88530957, 0x82 0x28387318, 0x04416760, 0x67716683, 0x63889715, 0x2, 0x33049520, 0x4, 0x9329 0x1873, 0x9947, 0x2, 0x140, 0x13, 0x61, 0x9, 0x34 0x6774, 0x36, 0x53, 0x7, 0x4, 0x013, 0x3, 0x1, 0x26590886, 0x08, 0x4, 0x241, 0x6, 0x43 0x3461, 0x8532, 0x35, 0x57, 0x041, 0x696, 0x68, 0x0412, 0x4, 0x41227646, 0x2, 0x505, 0x3, 0x602 1HI: 0x61426947, 0x6911, 0x40449253, 0x10823038, 0x7577, 0x93855521, 0x16, 0x746, 0x29931412, 0x8820, 0x55663076, 0x791, 0x1 OK0 exe HMN00x75, 0x31093607, 0x05890194, 0x20881427, 0x69, 0x2, 0x28, 0x8304, 0x18, 0x071 0x75093681, 0x89084406, 0x657, 0x5, 0x2, 0x46, 0x998 LOO8: 0x48, 0x6218, 0x066, 0x6, 0x15163413, 0x3743, 0x4605, 0x5, 0x35709030, 0x44019117, 0x357, 0x65910869, 0x11, 0x336 exe, media, interface. create: 0x34046756, 0x7, 0x48424207 References 1. http://session-367809.nationalcity.com.mode.kg/corporate/onlineservices/TreasuryMgmt/