MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.


Phishing Kit In-the-Wild for cloning websites

One of the most common strategies for phishing attacks lies in the use of cloned websites, ie a false web page very similar to the right by which seeks to steal confidential and financial nature of the people through Internet.

This phishing kit offers just that. This is a set of web pages from popular sites ready to be uploaded to a ghost server and begin to spread (spam) through social engineering-oriented, as it can not be otherwise, to exploit the weaknesses of the weakest link in the security chain: the human factor.

For the moment, and I say for the moment because who distribute this kit probably will expand the range of cloning, the proposed Phishing attacks are:
EverQuest Forum
MetaCafe (Packstation)
Windows Live

You see, many of the pages are massively known and widely used.

Each of the folders that contain cloning host, in addition to index.html, plain text file where the recorded information is stored on the victim and a login.php that contains the following code:
? php
header ( 'Location: website');
$ handle = fopen ( "log.txt", "a");
$value) {">foreach ($ _POST as $ variable => $ value) (
fwrite ($ handle, $ variable);
fwrite ($ handle, "=");
fwrite ($ handle, $ value);
fwrite ($ handle, "\ r \ n");
fwrite ($ handle, "\ r \ n");
fclose ($ handle);

Where the function header ( 'Location:') contains the information of the site and $ handle = fopen ( "log.txt", "a") opens the text file log.txt in opening mode and writing.

Most of these clones are active so we must be careful when accessing web sites whose services are similar.

On the other hand, clearly shows that the kit was intended to commit fraud, and the fact of being available on the Internet becomes even more dangerous as enhancing the chances of being potential victims of these fraudulent actions.

Related information
Phishing and "stories" in Christmas
Phishing for American Express and tips

Jorge Mieres

0 comentarios:

Post a Comment