This kit suggests Phishing just that. This is a set of web pages from popular sites ready to be uploaded to a ghost server and begin to spread (spam) targeted by social engineering, as it can't be otherwise, to exploit the weaknesses of the weakest link in the security chain: the human factor.
For the moment, and I say for now because surely those who distribute this kit iran expand the range of cloning, the proposals for Phishing attacks are:
AOL.comAIM.com
d2jsp.org
DailyMotion.com
eBay.com
EverQuest Forum
FaceBook.com
FileFront.com
Gmail.com
Gmail.de
Habbo.de
Habbohotel.com
ICQ.com
store.apple.com
Megaupload.com
MMOCheats.com
Myspace.com
Nexon.net
OGame.de
Oxedion.de
dhl.de (Packstation)
PayPal.com
PhotoBucket.comRapidShare.com
RapidShare.de
Ripway.com
siteworld.de
Skype.com
store.steampowered.com
Strato.com
Usenext.com
VanGuard
Yahoo.com
YouTube.com
As you will see, many of the pages are heavily used and widely known.
Each of the folders that contain cloning housed, in addition to index.html, a plain text file where it stores the recorded information of the victim and a login.php which contains the following code:?phpWhere the function header ( 'Location:') contains information on the website and $handle = fopen ( "log.txt", "a") opens the text file log.txt in opening mode and writing.
header ('Location: website');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?
Most of these cloning are active so it's necessary to be vigilant when accessing web sites whose services are similar.
On the other hand, clearly shows that the kit was designed to commit fraud, and the fact of being available on the Internet makes it even more dangerous boosting the chances of being potential victims of these fraudulent actions.
# Jorge Mieres
No comments:
Post a Comment