Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

12/23/03 CitiBank/Visa Account Phishing, ISS IE URL Spoofing filter, Dameware scanning, Apple patch links

Published: 2003-12-24
Last Updated: 2003-12-24 21:21:01 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
"Good will towards everyone"

A current Visa/CitiBank account phishing e-mail has been posted by CitiBank at

At the website select the
"Date: 12/23/03 Subject: Visa Security Update (report it)"
link where CitiBank has posted solid security recommendations and screenshots
of the phony e-mail and it's pop-up's.

Defeat Phishing E-mail URL spoofing - ISS's Internet Explorer URL Spoofing

Although there is not a Microsoft patch yet for the severe
vulnerability being actively exploited using Internet Explorer URL
obfuscation and html based "phishing" e-mails. But thanks to the super work
by Internet Security Systems I'll be giving family and acquaintences a
Holiday patch for the Microsoft Internet Explorer domain URL spoofing
vulnerability. And don't we all have family and acquaintances that need it.
The free Internet Security Systems tool is available at the following address:

"Microsoft Internet Explorer domain URL spoofing filter.

ISS has developed a tool that will plug-in to Internet Explorer and filter
hostile URLs that exploit this vulnerability. This tool is designed to strip
hostile redirection from URLs and send users to the legitimate URL, instead
of a rogue Web server."
Dameware - Port 6129 scanning

The number of "Sources" detected scanning Port 6129 is steadily increasing.
Since December 19th, the reported number of "sources" scanning Port 6129
has risen by one thousand systems. URL:
Apple Security Updates

Last Updated: 2003-12-22

Apple Security Updates

Article ID:61798

Created: 11/15/02

Modified: 12/22/03

Security Update 2003-12-19 for Mac OS X 10.2.8 "Jaguar" and Mac OS X 10.2.8

Security Update 2003-12-19 for Mac OS X 10.3.2 "Panther" and Mac OS X 10.3.2

Patrick Nolan
0 comment(s)
Diary Archives