Rhybaření na druhou

Před pár dny mě požádal známý o „vyčištění webu“ protože se mu tam nějak dostala stránka banky. Taková ta co sbírá zajímavé a pro rhybáře velmi užitečné informace. Přeposlal mě také mail co dostal od RSA Anti Fraud Command Center. Na mailu bylo ale něco podezřelého …

A tady už je mail od RSA Anti Fraud Command Center na první pohled nic podezřelého …

  Dear ********* Team

  It appears that your website ********* has been hacked by a
  fraudster. It is now hosting a phishing attack against HawaiiUSA FCU.
  Please remove the fraudulent folders/files as soon as possible and
  secure your website as it has been compromised.

  http:/*********/images/www.hawaiiusafcu.com 
  In addition, please send us any source files of the attack.
  Please let us know if you have any questions or need further
  assistance. We appreciate your cooperation.

  RSA Anti-Fraud Command Center
  RSA, The Security Division of EMC


  Dear Sirs:

  RSA, an anti-fraud and security company, is under contract to assist
  HawaiiUSA FCU and its related entities in preventing or terminating
  online activity that targets HawaiiUSA FCU clients as potential fraud
  victims.  RSA has been made aware that you appear to be providing
  Internet Services to a fraudulent Web site, which is part of a
  "phishing scam"*. This activity violates HawaiiUSA FCU copyright,
  trademark and other intellectual property rights and may violate the
  criminal laws of the United States and other nations.

  E-mail messages have been broadly distributed to individuals by a
  person or entity pretending to be HawaiiUSA FCU. These e-mails use
  HawaiiUSA FCU name and identity (including trademarks) without
  authorization.  The e-mails request recipients to verify and submit
  sensitive details related to their HawaiiUSA FCU accounts. Within the
  fraudulent e-mail message, there is a link that leads the recipients
  to a fraudulent website displaying HawaiiUSA FCU copyrighted materials
  and trademarks.  The fraudulent website is located at the following
  URL address http:/*********/images/www.hawaiiusafcu.com
  ) to which you provide services and which is under your control.
  The fraudulent website not only represents a misuse of HawaiiUSA FCU
  intellectual property; its purpose is to improperly obtain personal
  information of HawaiiUSA FCU customers in order to fraudulently access
  their bank accounts.  The owners of those websites typically
  perpetrate identity-theft related activities, such as using customer's
  credit cards or bank accounts without authorization.  In addition,
  since the vast majority of all of the e-mails are not being sent to
  actual HawaiiUSA FCU customers, the actions may serve to damage the
  reputation and image of HawaiiUSA FCU.

  Please take all necessary steps to immediately shut down the
  fraudulent website, terminate its availability to the Internet and
  discontinue the transmission of any e-mails associated with this
  website.

  We understand that you may not be aware of this improper use of your
  services and we appreciate your cooperation. We specifically would ask
  that you also take the following actions:
  Please provide us with a tar/zip file of the source code for this
  site, so that we may analyze it to help prevent further attacks.
  If any customer data has been captured that is stored on your systems
  or equipment, please send us that data so that the customers to whom
  that data relates can be notified and take steps to protect their
  credit.
  Please provide a copy of any records you maintain that indicate the
  name, contact information, method of payment or similar information
  that may be useful in helping learn about the identity and location of
  the customer for whom the website has been operated.

  Thank you for your cooperation to prevent and terminate this
  fraudulent activity.
  Sincerely,

  RSA Anti Fraud Command Center
  Tel: +44(0)800-032-7751 (UK)
  Tel: +1-866-408-7525 (US)
  Fax: +972-9-9566658 (EU)
  Fax: +1-212-208-4644 (US)
  E-mail:  afcc@rsasecurity.com http://www.rsa.com For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348 

  HawaiiUSA Federal Credit Union
  Name: Michael R. Camat
  Address: 1226 College Walk
  Tel: (808) 534-4300
  Fax: (808) 534-4349
  E-mail:  mcamat@hawaiiusafcu.com 


  *"Phishing" is an e-mail scam that attempts to trick consumers into
  revealing personal information, such as their credit or debit account
  numbers, checking account information, Social Security Numbers, or
  banking account passwords, through an imposter's Web site or in a
  reply e-mail.

Dokonce ti hodní kluci prohlédnou zdrojový kód webu a poradí co upravit aby se tam ti zlí už nedostali.

Podivné je že mail přišel z adresy

RSA Anti-Fraud Command Center <afcc247@gmail.com>

Že by neměly vlastní mailserver? Spíš to bude tím že nějaký rhybář nahodil falešnou stránku banky, jiný ji našel a napadlo ho, že by nebylo špatné, poctivě nakradené údaje vymámit z majitele webu, protože ve zdrojích falešné stránky byl mimo jiné i soubor s nasyslenými daty.

No nic, tak to je vše, jdu nakupovat, ten seznam kreditek mi na pár měsíců vystačí :)