TSK Security Brief - - 26mar99
AOL Logon/Password Scam
              ___________________________________________
              ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
              T*S*K                                 T*S*K
                   The Shadow Knights Security Corp.
              T*S*K                                 T*S*K
                       http://www.ShadowGovt.net
              ___________________________________________
              ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Brief written by - - The Phantom x^\|/^x

http://server.com/WebApps/byo.cgi?id=5101
http://server.com/WebApps/byo.cgi?id=5102
http://server.com/WebApps/byo.cgi?id=5103
http://server.com/WebApps/byo.cgi?id=5104
http://server.com/WebApps/byo.cgi?id=5105
http://server.com/WebApps/byo.cgi?id=5106


The above links are from a scam e-mail that has been sent to who knows how many AOL members.  The 
setup is fairly elaborate and is a little harder for the common AOL user to detect then most AOL 
E-mail scams.  Because most AOL users are not familiar with the 'real' Internet the scam has 
probably collected at least 80% of the logon/password combos it has set out to snatch.  Though I 
am not sure to the extent off the scam, I do know that this is yet another attempt at a breach in
AOL security thanks to a little Social Engineering.  I received the e-mail via BCC from 
Pitwell@aol.com . The scam includes a subject of 'AOL Internet Accelerator' and the body 
contains claims of faster Internet access IF you give your logon/password combo.  Body of 
message also includes details about the Personal Filing Cabinet and gives a Keyword where you 
can go to change your password.  These scams will only continue if ignorance seems never to 
subdue.  Please, if you are an AOL user (like myself) never, ever, EVER giveaway your account 
information to an unauthorized source.  AOL Staff will NEVER ask for your password to your 
Logon account.  Below is the exact text of the scam e-mail (A).

I have checked out the supposed links above and they look to be from a free CGI Scripting 
Service.  The BYO Forms (Build Your Own Forms from the WebApps Service) are available at no cost 
unless of course you wish the advertisement banner (which is included in the free service) not to
be shown.

In an attempt to chat with 'John Cuber' (assuming that is his real name), AKA Pitwell@Aol.com, 
I was denied any communication.  I have attempted multiple e-mails and still have not been able
to reach him.  If you do receive this scam or similar scam e-mail, forward all the scam e-mails 
to TOSEMail1@aol.com . 

Webmaster@ShadowGovt.net - 
TSK Security Corporation - http://www.ShadowGovt.net
KnightNews Network - http://www.HackerNews.net

(A). 
"Dear Member,

Storing your sign-on password can make web surfing faster!  A password for your Personal Filing 
Cabinet protects its contents by making it necessary to enter a password each time your PFC is 
accessed.  We recommend that you use the same password for both.  You can only store passwords 
for the account with which you are currently signed on.  NOTE:  Storing passwords does not 
change your sign-on password.  To change your sign-on password, go to Keyword:  Password.

We are currently introducing new web surfing technology that allows faster surfing by storing 
your password on the Internet.  Each time you go to a web site your browser checks your 
password to make sure you are currently signed on.  Storing your password will make surfing 
faster & easier and you will experience speeds 250% faster then your current.  

Click Here To Store Your Internet Password Today!



Sincerely,

John Cuber"