phishing

Eric "Shubes" plug at shubes.net
Thu Jan 11 09:29:33 MST 2007


I won't answer your question, but would like to point out that clamav
rejected a similar (possibly the same) email as containing a virus, so I
never received it. I happened to see a message in the log last night:
01-10 20:31:00 simscan:[31231]:VIRUS:0.2670s:HTML.Phishing.Bank-553:66.34.204.100:service at bankofamerica.com:plug at shubes.net

I'm liking clamav.

keith smith wrote:
> Good Morning to all you gurus out there in PLUG land!
> 
> I received an email this morning:
> 
> From : Bank of America
> Subject : Account Authentication Required
> 
> Saying I needed to verify my account.  It contained a link that took me to
> 
> http://203.199.124.235/bankofamerica.com/
> 
> Obviously this is fraudulent.  My first clue was I do not have a BofA
> account :)
> 
> So this form asks for account numbers, social security number, date of
> birth, mother's maiden name .... ETC.
> 
> This is the second time I have received this type of email.  Both times
> I have reported it to BofA.
> 
> So now I'm curious.  I would like to do a little detective work here.  I
> went to DNSStuff.com and did a reverse lookup and the IP shows it is in
> India City....
> 
> I know there must be a Linux command that I can run to learn more about
> this IP.  I'm wondering just how much information I might be able to
> learn from just having this limited amount of information and how I
> would go about it.
> 
> Any Ideas?
> 
> Thanks,
> Keith
> 


-- 
-Eric 'shubes'
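
The simscan log entry quoted in the message above can be tallied by source IP and ClamAV signature. This is an added example, not part of the original message or of simscan itself; the field layout is inferred from that single quoted line, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout inferred from the single VIRUS line quoted in the message (an
# assumption, not taken from simscan documentation):
#   simscan:[pid]:VIRUS:<scan secs>s:<signature>:<client IPv4>:<sender>:<recipient>
VIRUS_RE = re.compile(
    r"simscan:\[(?P<pid>\d+)\]:VIRUS:(?P<secs>\d+\.\d+)s:"
    r"(?P<signature>[^:]+):(?P<client_ip>\d{1,3}(?:\.\d{1,3}){3}):"
    r"(?P<sender>[^:]*):(?P<recipient>.+)$"
)

SAMPLE_LOG = [
    # From the message (addresses keep the list archive's " at " obfuscation).
    "01-10 20:31:00 simscan:[31231]:VIRUS:0.2670s:HTML.Phishing.Bank-553:"
    "66.34.204.100:service at bankofamerica.com:plug at shubes.net",
    # Constructed lines: placeholder signatures, documentation-range addresses.
    "01-10 20:35:12 simscan:[31300]:VIRUS:0.3100s:Example.Phishing.Placeholder-1:"
    "192.0.2.10:billing at example.org:user at example.net",
    # Constructed: empty envelope sender, non-phishing signature.
    "01-10 20:36:40 simscan:[31301]:VIRUS:0.1900s:Example.Worm.Placeholder-2:"
    "192.0.2.10::user at example.net",
    "01-10 20:40:00 unrelated line that the parser must skip",
]


def parse_line(line):
    """Return the fields of a simscan VIRUS entry, or None for any other line."""
    m = VIRUS_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["secs"] = float(rec["secs"])
    # ClamAV signature names are dot-separated; match "Phishing" as a whole part.
    rec["is_phishing"] = "Phishing" in rec["signature"].split(".")
    return rec


def phishing_by_source(lines):
    """Count phishing rejections per (client IP, signature) pair."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["is_phishing"]:
            hits[(rec["client_ip"], rec["signature"])] += 1
    return hits


if __name__ == "__main__":
    for (ip, sig), n in phishing_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}\t{sig}\t{n}")
```
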

