Dear Webmail Account User
This message is from the Webmail IT Service messaging center to all account owners. Due to the incessant rate of Spam we are currently performing maintenance and up-grading our Digital webmail services for your convenience.
To prevent your account from closing during this exercise you will have to update it below to know it's status as a currently used account with a hard spam protector.
Confirm Your WebMail Details;
User Name:
Password:
Date of Birth:
You will be sent a new confirmation alphanumerical password so that it will only be valid during this period and can be changed after the process. Please understand that this is a security measure intended to help protect your Webmail Account.
Webadmin IT Help Desk
Well ought.. but not uncommon.. I decided to check what the fuss was about. The 'from' address was: Helpdesk
The reply address was 'slightly' different though: help2desk@mail2webmaster.com
mail2webmaster.com is a company that allows people to get an email account like Hotmail and Gmail. However I was more interested in citechco.net. citechco.net appears to be vulnerable to sql injection so I'm not quite sure why this dude is trying to obtain login credentials by sending a mass-phishing-mail. SQL injection does the job so much better. I Might post an exploit later when I've informed citechco.net about the 'little' vulnerability.
Good job.
No comments:
Post a Comment