Email title: 'Security Alert on Microsoft Internet Explorer'
Scam target: Suntrust customers
Email format: HTML email
Sender: support @ suntrust.com
Sender spoofed? Yes
Phish 'punch line' : 'SunTrust security systems require that you test your browser now to see if it meets the requirements for SunTrust Internet Banking.
Please sign on to Internet Banking in order to verify security update installation.'
Scam goal: Getting victim's Suntrust website username/password, credit card information
Phish link method a link in the HTML email
Visible link: 'Sign on'
Actual link to h++p://22.214.171.124/s/login.html
Phish website hosted on: 126.96.36.199
This is a second phish using this kind of bait. The message is persuasive and well crafted:
Screenshot at here
The sender is spoofed and the link's URL is hidden, which makes this message a dangerous phish.
More details in Anti-Phishing.org
Sun stamps on Java bug
Sun Microsystems claimed yesterday that its attempt to stamp on a recently discovered Java Virtual Machine (JVM) security bug has been successful. Security experts warned that the potentially devastating flaw in the JVM Run Time Environment could leave millions of desktops open to attack.
However, Sun stated: "Early indications are that Sun's response to this issue has been effective. As of 29 November 824,244 users have downloaded the upgraded version of J2SE 1.4.2_06 that corrects the vulnerability."