There are hundreds of ready-for-use phishing kits available on the Internet. At the beginning of this month, a list with more than 400 links had been circulated on mailing lists and forums. Some kits are a compilation of different sophisticated scripts that can spoof many different brands at once and sometimes even bypass two-factor authentication schemas. However, the vast majority are simply archived copies of the original Web site, modified to include a small PHP script that will send the stolen credentials to an email account.
We know that not all phishers have a Ph.D. in the art of phishing; therefore, you can sometimes find some interesting and funny pieces of code in phishing kits found on the Internet. As Easter is coming up soon, I decided to compile a top five list of the funniest Easter eggs that I have seen in phishing kits lately.
In 5th place: Local image paths Sometimes, phishers do not check if all links are converted correctly....
My colleague, Takashi Katsuki, posted a blog that describes how Trojan.Farfli provides a service to affiliates, which allows them to increase the number of hits for an affiliate’s tracker. Recently I came across another Trojan, which provides such a service: Trojan.Trafbrush.
When Trojan.Trafbrush is executed, it drops several components and registers a browser helper object (BHO). It then downloads two configuration files from 1.mailhunt.cn. One of the files is config.ini, which contains display options of a...
We have previously discussed Trojan.Bayrob without describing theentire attack from end to end. This article will show how the entirescam works from initial contact right through to the actual sale.Security experts at eBay are already well aware of it and working toprotect their customers.
Tip: It should be noted from the outset thatpotential buyers should read safety tips and follow preventativemeasures provided by their service provider.
To start with, take a look at this video for a walk-through of our analysis:
In order to attract potential victims the scammers first list carsfor sale on various auction sites. These auctions are not scams per se,but they are "legit" auctions that are used solely to attract potentialvictims—whoever asks a question or bids on these auctions becomes apotential victim. Once these auctions have expired the scammers get towork emailing each potential victim. These emails explain that thewinner of the...
While there are various ways for attackers to trick users intodisclosing their authentication credentials, phishing remains one ofthe most popular. Our spam traps caught a series of emails purportingto be from a disgruntled eBay user demanding an answer regarding arecent transaction. The emails contain a number of hyperlinks to theproduct in question which, when clicked, results in a browser-based FTPtransaction to a remote host which displays a carbon copy of thelegitimate eBay login page.
What caught my attention was the inclusion of one of eBay's securitytips within the fraudulent copy, instructing users to "Check that theWeb address in your browser starts with https://signin.ebay.com". Oneonly needs to follow this advice to see that the page they are on isindeed suspicious:
