Re: Red Cross Fraud

From: Akatosh (akatoshat_private)
Date: Sun Sep 16 2001 - 11:32:48 PDT
Next message: Andrew van der Stock: "Workaround for (RE: Run a mail host with a public MX record? Seeing large numbers of bounces?)"
Previous message: Firehose: "Red Cross Fraud"
In reply to: Firehose: "Red Cross Fraud"
Next in thread: Brian Morin: "RE: Red Cross Fraud"
Reply: Brian Morin: "RE: Red Cross Fraud"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
mabe I'm missing something, but what is fraudulant about this? The url's
appear to redirect to the real websites.

[akatosh@hope akatosh]$ wget -q -O index1.html "http://RedCross.ym0.net/re3.asp?C=29905&P=68339&E=1113263"
[akatosh@hope akatosh]$ wget -q -O index2.html "http://www.redcross.org"
[akatosh@hope akatosh]$ diff -s index1.html index2.html
Files index1.html and index2.html are identical
[akatosh@hope akatosh]$

they don't even throw a banner add at you before they redirect

On Sat, 15 Sep 2001, Firehose wrote:

> This criminal fraud originated from IP 64.37.207.81.
>
> I changed ".com" to ".Zcom" (except for my own email address)
> and ".net" to ".Znet" to protect any of you running vulnerable mail readers.
>
> Spread the word that there will be others doing this (with different
> IPs and URLs).  Sigh.
>
> Thanks,
>
> Bob Toxen, CTO
> Fly-By-Day Consulting, Inc.       "Experts in Linux & Unix security"
> bobat_private
> hoseat_private [bulk security email]
> http://www.cavu.com
> http://www.realworldlinuxsecurity.com/ [My 5* book: Real World Linux Security]
> Quality Linux & UNIX security and software consulting since 1990.
> -------------------- criminally fraudulent email follows ----------------
> Date: Sat, 15 Sep 2001 04:26:17 -0500
> To: [CENSORED]
> From: "YesMail" <subsat_private>
> Errors-To: subsat_private
> Bounces_To: subsat_private
> Subject: Resources for Helping Victims of Tuesday's Tragedies
>
> <img src="x.gif" width=1 height=1 alt="
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> *                                               *
> * IF YOU CAN READ THIS, YOUR EMAIL PROGRAM      *
> * IS TEXT-BASED AND CANNOT READ HTML MESSAGES   *
> *                                               *
> * THE TEXT VERSION IS BELOW. PLEASE ACCEPT      *
> * OUR APOLOGY FOR SENDING AN HTML MESSAGE.      *
> *                                               *
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> ------------------------------------------------------------------------
> This message is brought to you by MyStartingPoint and YesMail.
> We appreciate your membership.  To modify your member profile,
> please see Member Services below.
> ------------------------------------------------------------------------
>
> The Tuesday morning tragedies in New York and Washington resulted in a significant number of injuries and deaths leaving millions of Americans searching for ways to help. Numerous federal and local agencies along with private organizations are seeking assistance from the public. In a voluntary corporate effort, YesMail offers the following information as a resource for helping victims.
>
> To Give Blood:
> American Red Cross  1-800-GIVE LIFE
> http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263
>
> New York Blood Center  1-800-933-BLOOD
> http://NYBloodCtr.ym0.Znet/re3.asp?C=29905&P=68340&E=1113263
>
>
> To Make Financial Contributions:
> American Red Cross  1-800-HELP-NOW
> http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263
>
> United Way  1-212-251-4035
> http://UnitedWay.ym0.Znet/re3.asp?C=29905&P=68341&E=1113263
>
> Salvation Army  1-800-SAL-ARMY
> http://SalvArmy.ym0.Znet/re3.asp?C=29905&P=68342&E=1113263
>
>
> To Volunteer Services (New York):
> FEMA World Trade Center Relief  1-800-801-8092
>
>
> ------------------------------------------------------------------------
> Please visit the above Web site to verify offer availability outside the United States.
> ------------------------------------------------------------------------
> *MEMBER SERVICES*
> To modify your YesMail account or add interest categories visit
> http://my.yesmail.Zcom/default.asp?UID=1113263&SUBC=29aw56ab3o.
> To learn more about yesmail.Zcom, visit http://www.yesmail.Zcom or
> write us at 222 S. Riverside Plaza 17th Floor, Chicago, IL 60606.
> To unsubscribe from YesMail, click
> http://my.yesmail.Zcom/mymoptout.asp?PID=29905&SUBC=29aw56ab3o&UID=1113263
> or send an email to subsat_private with the word
> unsubscribe in the subject line.
> ------------------------------------------------------------------------
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
> THIS IS THE END OF YOUR EMAIL MESSAGE.
> Your email program is text-based and cannot read
> HTML messages. Please ignore the HTML code below.
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
>
>
>
>
>
>
>
>
> ">
> <html>
>
> <head>
>
> <title>information</title>
>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
>
> </head>
>
>
>
> <body bgcolor="#FFFFFF" text="#000000">
>
> <table cellpadding=0 cellspacing=0 border=0 width=400>
> <tr>
> <td bgcolor="#ffffff"><FONT face=Arial size=-2>This
> message is brought to you by MyStartingPoint and YesMail.  We appreciate your membership. <br>To
> modify your member profile, please see "Member Services" below.</FONT><BR>
> <HR align=left width=400></td></tr></table>
> <p>
>
>
>
> <table width="530" border="0" cellspacing="0" cellpadding="0">
>
>   <tr>
>
>     <td align="left" valign="top"><font face="Arial, Helvetica, sans-serif" size="2" color="#000000">The
>
>       Tuesday morning tragedies in New York and Washington resulted in a significant
>
>       number of injuries and deaths leaving millions of Americans searching for
>
>       ways to help. Numerous federal and local agencies along with private organizations
>
>       are seeking assistance from the public. In a voluntary corporate effort,
>
>       YesMail offers the following information as a resource for helping victims.<br>
>
>       <br>
>
>       <b><font size="3">To Give Blood:</font></b><br><img src="http://media.ym0.Znet/spacer.gif" width=15">
>
>       <a href="http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263">American Red Cross</a> 1-800-GIVE LIFE<br><img src="http://media.ym0.Znet/spacer.gif" width=15">
>
>       <a href="http://NYBloodCtr.ym0.Znet/re3.asp?C=29905&P=68340&E=1113263">New York Blood Center</a> 1-800-933-BLOOD
>
>       <br>
>
>       <br>
>
>       <font size="3"><b>To Make Financial Contributions: </b></font><br><img src="http://media.ym0.Znet/spacer.gif" width=15">
>
>       <a href="http://RedCross.ym0.Znet/re3.asp?C=29905&P=68339&E=1113263">American Red Cross</a> 1-800-HELP-NOW <br><img src="http://media.ym0.Znet/spacer.gif" width=15">
>
>       <a href="http://UnitedWay.ym0.Znet/re3.asp?C=29905&P=68341&E=1113263">United Way</a> 1-212-251-4035 <br><img src="http://media.ym0.Znet/spacer.gif" width=15">
>
>       <a href="http://SalvArmy.ym0.Znet/re3.asp?C=29905&P=68342&E=1113263">Salvation Army</a> 1-800-SAL-ARMY
>
>       <br>
>
>       <br>
>
>       <b><font size="3">To Volunteer Services (New York):</font></b><br><img src="http://media.ym0.Znet/spacer.gif" width=15">
>
>       FEMA World Trade Center Relief 1-800-801-8092 </font></td>
>
>   </tr>
>
> </table>
>
> <img src = "http://YesMail.ym0.Znet/re3.asp?C=29905&P=68347&E=1113263" border=0 >
>
>
>
> <p>
> <TABLE bgColor=#ffffff border=0 cellPadding=0 cellSpacing=2 width=600>
> <TR>
> <td colspan=2 bgcolor=#ffffff><FONT face=arial size=-2 color="#000000">Please visit the above Web site to verify offer
> availability outside the United States.</FONT><HR></td>
> </tr>
> <tr>
> <td bgcolor=#ffffff><img src="http://media.ym0.Znet/yesmail/member.gif" border=0 align=left></td>
> <td bgcolor=#ffffff><font face=arial size=-2 color=#000000>To modify your MyYesMail account or add interest categories
> visit <a href="http://my.yesmail.Zcom/default.asp?uid=1113263&subc=29aw56ab3o">http://my.yesmail.Zcom>. To learn more about YesMail, visit <A
> href="http://www.yesmail.Zcom">http://www.yesmail.Zcom> or write us at 222 S. Riverside Plaza 17th Floor, Chicago, IL 60606. To
> unsubscribe from YesMail, click <A href="http://my.yesmail.Zcom/mymoptout.asp?PID=29905&SUBC=29aw56ab3o&UID=1113263">here</A> or send an email to <A
> href="mailto:subsat_private">subsat_private</A> with the word
> "unsubscribe" in the subject line.</font></td></tr>
> </table>
> <hr>
>
>
> </body>
>
> </html>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

-- 
Edward Fahner
Systems Administrator, Planet Communications Network
(540)442-6677 x222 [aka. Akatosh  .CU.Au, akatoshat_private]
DC2.DwGmL--WT--SksCre+\Cvi+BflA(+r-v+++)N^MH+$-Fj~R+Ac+++!J+S+U-I--#V+++Q+Tc++


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Next message: Andrew van der Stock: "Workaround for (RE: Run a mail host with a public MX record? Seeing large numbers of bounces?)"
Previous message: Firehose: "Red Cross Fraud"
In reply to: Firehose: "Red Cross Fraud"
Next in thread: Brian Morin: "RE: Red Cross Fraud"
Reply: Brian Morin: "RE: Red Cross Fraud"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Sun Sep 16 2001 - 11:40:46 PDT