Bank of Montreal Phish

From buzzer@knut.bzrhosting.com Sun Dec 18 17:04:13 2011

Return-Path: buzzer@knut.bzrhosting.com

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on doctor.nl2k.ab.ca

X-Spam-Level:

X-Spam-Status: No, score=1.0 required=5.0 tests=RCVD_IN_BACKSCATTER

autolearn=no version=3.3.2

X-Original-To: doctor@doctor.nl2k.ab.ca

Delivered-To: doctor@doctor.nl2k.ab.ca

Received: from localhost (localhost.nl2k.ab.ca [127.0.0.1])

by doctor.nl2k.ab.ca (Postfix) with ESMTP id 5FCCB12CFA83

for ; Sun, 18 Dec 2011 17:04:13 -0700 (MST)

X-Virus-Scanned: amavisd-new at doctor.nl2k.ab.ca

Received: from doctor.nl2k.ab.ca ([127.0.0.1])

by localhost (doctor.nl2k.ab.ca [127.0.0.1]) (amavisd-new, port 10024)

with ESMTP id SyzGAFhaW8QY for ;

Sun, 18 Dec 2011 17:03:59 -0700 (MST)

Received: from melvin.bzrhosting.com (melvin.bzrhosting.com [78.46.71.176])

by doctor.nl2k.ab.ca (Postfix) with ESMTP id 8BE3912CFA82

for ; Sun, 18 Dec 2011 17:03:57 -0700 (MST)

Received: from localhost (localhost [127.0.0.1])

by melvin.bzrhosting.com (Postfix) with ESMTP id CC59F8151320

for ; Mon, 19 Dec 2011 01:03:53 +0100 (CET)

X-Virus-Scanned: Debian amavisd-new at www.bzrhosting.com

Received: from melvin.bzrhosting.com ([127.0.0.1])

by localhost (melvin.bzrhosting.com [127.0.0.1]) (amavisd-new, port

10024) with LMTP id xXSyuctVIEB1 for ; Mon, 19

Dec 2011 01:03:53 +0100 (CET)

Received: from knut.bzrhosting.com (knut.bzrhosting.com [46.4.85.58])

by melvin.bzrhosting.com (Postfix) with ESMTP id 98AF68168439

for ; Sun, 18 Dec 2011 23:27:50 +0100 (CET)

Received: by knut.bzrhosting.com (Postfix, from userid 10013)

id A27D12542BFB; Sun, 18 Dec 2011 23:27:03 +0100 (CET)

To: doctor@doctor.nl2k.ab.ca

Subject: ***SPAM**
Online Banking Security Notification

X-PHP-Originating-Script: 10013:z.php

From: Bank Of Montreal

Reply-To:

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: 8bit

Message-Id: <20111218222703.A27D12542BFB@knut.bzrhosting.com>

Date: Sun, 18 Dec 2011 23:27:03 +0100 (CET)

X-Sanitizer: This message has been sanitized!

X-Sanitizer-URL: http://mailtools.anomy.net/

X-Sanitizer-Rev: $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $

Status: RO

Content-Length: 7074

Lines: 136



























Our Valued Customer,



?



You Have 1 New Security Message Alert!



?









Click here to resolve the problem



?



Sincerely,


BMO Financial Group


Security Department Team









This message has been 'sanitized'. This means that potentially

dangerous content has been rewritten or removed. The following

log describes which actions were taken.





Sanitizer (start="1324253056"):

SanitizeFile (filename="unnamed.html, filetype.html", mimetype="text/html"):

Match (names="unnamed.html, filetype.html", rule="2"):

Enforced policy: accept



Rewrote HTML tag: >>_table id="table3" style="BORDER-COLLAPSE: collapse" width="245" border="0" height="163"_<<

as: >>_table id="table3" DEFANGED_style="BORDER-COLLAPSE: collapse" width="245" border=0 height="163"_<<

Note: Styles and layers give attackers many tools to fool the

user and common browsers interpret Javascript code found

within style definitions.



Rewrote HTML tag: >>_span style="font-family:Arial;color:black;background-color:#FFFFCC"_<<

as: >>_DEFANGED_span style="font-family:Arial;color:black;background-color:#FFFFCC"_<<

Rewrote HTML tag: >>_a rel="nofollow" target="_blank" href="http://justtarget.com.br/lm/prueba/prueba/prueba/www4.bmo.com/jhf/www4.bmo.com/index.htm"_<<

as: >>_a DEFANGED_rel="nofollow" target="_blank" href="http://justtarget.com.br/lm/prueba/prueba/prueba/www4.bmo.com/jhf/www4.bmo.com/index.htm"_<<

Rewrote HTML tag: >>_span id="lw_1175946114_0"_<<

as: >>_DEFANGED_span id="lw_1175946114_0"_<<

Rewrote HTML tag: >>_/span_<<

as: >>_/DEFANGED_span_<<

Rewrote HTML tag: >>_/span_<<

as: >>_/DEFANGED_span_<<

Rewrote HTML tag: >>_/div_<<

as: >>_/p__DEFANGED_div_<<

Total modifications so far: 7







Anomy 0.0.0 : Sanitizer.pm

$Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $









This message has been

+'sanitized'. This means that potentially

dangerous content has been rewritten or removed. The following

log describes which actions were taken.





Sanitizer (start="1324253056"):

SanitizeFile (filename="unnamed.html, filetype.html", mimetype="text/html"):

Match (names="unnamed.html, filetype.html", rule="2"):

Enforced policy: accept



Rewrote HTML tag: >>_table id="table3" style="BORDER-COLLAPSE: collapse" width="245" border="0" height="163"_<<

as: >>_table id="table3" DEFANGED_style="BORDER-COLLAPSE: collapse" width="245" border=0 height="163"_<<

Note: Styles and layers give attackers many tools to fool the

user and common browsers interpret Javascript code found

within style definitions.



Rewrote HTML tag: >>_span style="font-family:Arial;color:black; background-color:#FFFFCC"_<<

as: >>_DEFANGED_span style="font-family:Arial;color:black; background-color:#FFFFCC"_<<

Rewrote HTML tag: >>_a rel="nofollow" target="_blank" href="http://justtarget.com.br/lm/prueba/prueba/prueba/www4.bmo.com/jhf/www4.bmo.com/index.htm"_<<

as: >>_a DEFANGED_rel="nofollow" target="_blank" href="http://justtarget.com.br/lm/prueba/prueba/prueba/www4.bmo.com/jhf/www4.bmo.com/index.htm"_<<

Rewrote HTML tag: >>_span id="lw_1175946114_0"_<<

as: >>_DEFANGED_span id="lw_1175946114_0"_<<

Rewrote HTML tag: >>_/span_<<

as: >>_/DEFANGED_span_<<

Rewrote HTML tag: >>_/span_<<

as: >>_/DEFANGED_span_<<

Rewrote HTML tag: >>_/div_<<

as: >>_/p__DEFANGED_div_<<

Total modifications so far: 7







Anomy 0.0.0 : Sanitizer.pm

$Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $











This message has been 'sanitized'. This means that potentially

dangerous content has been rewritten or removed. The following

log describes which actions were taken.





Sanitizer (start="1324253056"):

SanitizeFile (filename="unnamed.html, filetype.html", mimetype="text/html"):

Match (names="unnamed.html, filetype.html", rule="2"):

Enforced policy: accept



Rewrote HTML tag: >>_table id="table3" style="BORDER-COLLAPSE: collapse" width="245" border="0" height="163"_<<

as: >>_table id="table3" DEFANGED_style="BORDER-COLLAPSE: collapse" width="245" border=0 height="163"_<<

Note: Styles and layers give attackers many tools to fool the

user and common browsers interpret Javascript code found

within style definitions.



Rewrote HTML tag: >>_span style="font-family:Arial;color:black; background-color:#FFFFCC"_<<

as: >>_DEFANGED_span style="font-family:Arial;color:black;background-color:#FFFFCC"_<<

Rewrote HTML tag: >>_a rel="nofollow" target="_blank" href="http://justtarget.com.br/lm/prueba/prueba/prueba/www4.bmo.com/jhf/www4.bmo.com/index.htm"_<<

as: >>_a DEFANGED_rel="nofollow" target="_blank" href="http://justtarget.com.br/lm/prueba/prueba/prueba/www4.bmo.com/jhf/www4.bmo.com/index.htm"_<<

Rewrote HTML tag: >>_span id="lw_1175946114_0"_<<

as: >>_DEFANGED_span id="lw_1175946114_0"_<<

Rewrote HTML tag: >>_/span_<<

as: >>_/DEFANGED_span_<<

Rewrote HTML tag: >>_/span_<<

as: >>_/DEFANGED_span_<<

Rewrote HTML tag: >>_/div_<<

as: >>_/p__DEFANGED_div_<<

Total modifications so far: 7







Anomy 0.0.0 : Sanitizer.pm

$Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $



Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA