Monday, February 16, 2009

Phishing Kit In-the-Wild for cloning of web site

One of the most common strategies for Phishing attacks are located in the use of cloning site, ie a fake page is very similar to the right by which seeks to steal confidential and financial nature of people through Internet.

This kit suggests Phishing just that. This is a set of web pages from popular sites ready to be uploaded to a ghost server and begin to spread (spam) targeted by social engineering, as it can't be otherwise, to exploit the weaknesses of the weakest link in the security chain: the human factor.

For the moment, and I say for now because surely those who distribute this kit iran expand the range of cloning, the proposals for Phishing attacks are:

AOL.com
AIM.com
d2jsp.org
DailyMotion.com
eBay.com
EverQuest Forum
FaceBook.com
FileFront.com
Gmail.com
Gmail.de
Habbo.de
Habbohotel.com
ICQ.com
store.apple.com
Megaupload.com
MMOCheats.com
Myspace.com
Nexon.net
OGame.de
Oxedion.de
dhl.de (Packstation)
PayPal.com
PhotoBucket.com
RapidShare.com
RapidShare.de
Ripway.com
siteworld.de
Skype.com
store.steampowered.com
Strato.com
Usenext.com
VanGuard
Yahoo.com
YouTube.com



As you will see, many of the pages are heavily used and widely known.

Each of the folders that contain cloning housed, in addition to index.html, a plain text file where it stores the recorded information of the victim and a login.php which contains the following code:
?php
header ('Location: website');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?

Where the function header ( 'Location:') contains information on the website and $handle = fopen ( "log.txt", "a") opens the text file log.txt in opening mode and writing.

Most of these cloning are active so it's necessary to be vigilant when accessing web sites whose services are similar.

On the other hand, clearly shows that the kit was designed to commit fraud, and the fact of being available on the Internet makes it even more dangerous boosting the chances of being potential victims of these fraudulent actions.

# Jorge Mieres

No comments: