[Full-Disclosure] FYI: Visa abuse - equal to PayPal abuse

roman.kunz_at_juliusbaer.com
Date: 01/30/04

  • Next message: roman.kunz_at_juliusbaer.com: "[Full-Disclosure] [BU-NOSPAM] FYI: Visa abuse - equal to PayPal abuse" 
    To: full-disclosure@lists.netsys.com
Date: Fri, 30 Jan 2004 09:09:55 +0100

    Spam detection software, running on the system "chex.decru.com", has
    identified this incoming email as possible spam. The original message
    has been attached to this so you can view it (if it isn't spam) or block
    similar future email. If you have any questions, see
    the administrator of that system for details.

    Content preview: This is a multipart message in MIME format. I apologise
      if this has already been posted. it's nearly the same rubbish as within
      the *Attempt to steal paypal password *. Button is leading to
      http://%77%77%77%2e%76%62%69%6c%6c%2e%62%69%7a/ = www.vbill.biz (Domain
      Infos see below VISA - Message) [...]

    Content analysis details: (9.2 points, 7.5 required)

     pts rule name description
    ---- ---------------------- --------------------------------------------------
     0.3 NO_REAL_NAME From: does not include a real name
     1.2 DEAR_SOMETHING BODY: Contains 'Dear (something)'
     0.5 HTML_20_30 BODY: Message is 20% to 30% HTML
     0.0 HTML_MESSAGE BODY: HTML included in message
     0.1 HTML_FONT_BIG BODY: HTML has a big font
     2.4 HTTP_ESCAPED_HOST URI: Uses %-escapes inside a URL's hostname
     4.0 BIZ_TLD URI: Contains a URL in the BIZ top-level domain
     0.7 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary %-escapes inside a URL

    The original message was not completely plain text, and may be unsafe to
    open with some email clients; in particular, it may contain a virus,
    or confirm that your address can receive spam. If you wish to view
    it, it may be safer to save it to a file and open it with an editor.

    attached mail follows:

    To: full-disclosure@lists.netsys.com
Date: Fri, 30 Jan 2004 09:09:55 +0100

    I apologise if this has already been posted.

    it's nearly the same rubbish as within the *Attempt to steal paypal password *.
    Button is leading to http://%77%77%77%2e%76%62%69%6c%6c%2e%62%69%7a/ = www.vbill.biz
    (Domain Infos see below VISA - Message)

    regards
    roman
    _____________________start VISA_______________________
    Dear Sir/Madam,
    We were informed that your credit card is used by another person or
    stolen. It could happen if you have been shopping on-line, and someone got
    your "Billing information" including your credit card number. To avoid and
    prevent any further fraud and billing mistakes and to refund your credit
    card, it is strongly recommended to proceed filling in the secure form on
    our site and applying for our Zero Liability program. Program is free and
    it will help us to confirm the fact of fraud and investigate this accident
    as soon as possible.

    Sincerely yours, Visa Support Assistant, Alwin Desagun.
    _______________________end VISA_______________________

    Domain Info:

    Domain Name: VBILL.BIZ
    Domain ID: D6142507-BIZ
    Sponsoring Registrar: DIRECT INFORMATION PVT.
    LTD., (D.B.A. DIRECTI.COM)
    Domain Status: clientTransferProhibited
    Registrant ID: DI_278051
    Registrant Name: Denis Yarin
    Registrant Organization: Vbill
    Registrant Address1: Chapaeva 18-2-39
    Registrant City: Zhukovski
    Registrant Postal Code: 140110
    Registrant Country: Russian Federation
    Registrant Country Code: RU
    Registrant Phone Number: +7.246507129
    Registrant Email: vbillbiz@yahoo.com
    Administrative Contact ID: DI_278051
    Administrative Contact Name: Denis Yarin
    Administrative Contact Organization: Vbill
    Administrative Contact Address1: Chapaeva 18-2-39
    Administrative Contact City: Zhukovski
    Administrative Contact Postal Code: 140110
    Administrative Contact Country: Russian Federation
    Administrative Contact Country Code: RU
    Administrative Contact Phone Number: +7.246507129
    Administrative Contact Email: vbillbiz@yahoo.com
    Billing Contact ID: DI_278051
    Billing Contact Name: Denis Yarin
    Billing Contact Organization: Vbill
    Billing Contact Address1: Chapaeva 18-2-39
    Billing Contact City: Zhukovski
    Billing Contact Postal Code: 140110
    Billing Contact Country: Russian Federation
    Billing Contact Country Code: RU
    Billing Contact Phone Number: +7.246507129
    Billing Contact Email: vbillbiz@yahoo.com
    Technical Contact ID: DI_278051
    Technical Contact Name: Denis Yarin
    Technical Contact Organization: Vbill
    Technical Contact Address1: Chapaeva 18-2-39
    Technical Contact City: Zhukovski
    Technical Contact Postal Code: 140110
    Technical Contact Country: Russian Federation
    Technical Contact Country Code: RU
    Technical Contact Phone Number: +7.246507129
    Technical Contact Email: vbillbiz@yahoo.com
    Name Server: DNS3.HOSTMATIX.COM
    Name Server: DNS1.HOSTMATIX.COM
    Created by Registrar: DIRECT INFORMATION PVT.
    LTD., (D.B.A. DIRECTI.COM)
    Last Updated by Registrar: DIRECT INFORMATION PVT.
    LTD., (D.B.A. DIRECTI.COM)
    Domain Registration Date: Mon Jan 26 14:23:27 GMT
    2004
    Domain Expiration Date: Tue Jan 25 23:59:59 GMT
    2005
    Domain Last Updated Date: Thu Jan 29 22:18:35 GMT 2004

     

    *****Disclaimer*****
    This message is for the addressee only and may contain confidential or
    privileged information. You must delete and not use it if you are not the
    intended recipient. It may not be secure or error-free. All e-mail
    communications to and from the Julius Baer Group may be monitored.
    Processing of incoming e-mails cannot be guaranteed. Any views expressed
    in this message are those of the individual sender. This message is for
    information purposes only. All liability of the Julius Baer Group and its
    entities for any damages resulting from e-mail use is excluded. US persons
    are kindly requested to read the important legal information presented
    after clicking here: http://www.juliusbaer.com/maildisclaimer
     

    *****Disclaimer*****
    This message is for the addressee only and may contain confidential or
    privileged information. You must delete and not use it if you are not the
    intended recipient. It may not be secure or error-free. All e-mail
    communications to and from the Julius Baer Group may be monitored.
    Processing of incoming e-mails cannot be guaranteed. Any views expressed
    in this message are those of the individual sender. This message is for
    information purposes only. All liability of the Julius Baer Group and its
    entities for any damages resulting from e-mail use is excluded. US persons
    are kindly requested to read the important legal information presented
    after clicking here: http://www.juliusbaer.com/maildisclaimer

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: roman.kunz_at_juliusbaer.com: "[Full-Disclosure] [BU-NOSPAM] FYI: Visa abuse - equal to PayPal abuse"