Do It Yourself Phishing for Social Networks And Webmail

| | Comments (0)

Every now and again, I see something interesting pop up on Myspace and decide to take a closer look -as you might have guessed, this is one of those occasions. There I was, trawling through some Myspace groups when I happened to see this....

emlspm00.jpg

Check out the site from 2006 courtesy of Internet Archive - it's fair to say these guys could do with a few pointers on interior decor:

http://blog.spywareguide.com/upload/2008/01/emlspm000-thumb.jpg
Click to Enlarge

...if someone asked a toy company to design a hacking site, that might be what they come up with. I guess they realised this too, because if you go there now...

http://blog.spywareguide.com/upload/2008/01/emlspm0000-thumb.jpg
Click to Enlarge

Ooh, scary! Shall we take a look around their "Hackyard"? As you might have guessed, there's not a lot here that would fall under the banner of "ethical hacking", despite their claims on the frontpage. Inside are a collection of (frankly awful) forums, news articles and some other bits and pieces that fail to attract any attention. However...

emlspm101.jpg

"MSN / Hotmail hacking page"? Nice. Click the link, and you're given a number of options to choose from:

http://blog.spywareguide.com/upload/2008/01/emlspm0-thumb.jpg
Click to Enlarge

Hotmail, Yahoo, Myspace, Orkut, hi5 and Facebook are all listed. Select your chosen target, and you'll be presented with a custom-built drop down menu:

emlspm10.jpg

Select the "E-Card" of your choice, enter the Email address of your victim then hit generate - you'll be presented with auto-generated text for your email:

http://blog.spywareguide.com/upload/2008/01/emlspm2-thumb.jpg
Click to Enlarge

At this point, cut and paste the text into your own mail, send it to your target and wait. Depending on the service you chose to "attack", the recipient might see something like the above, or something like this:

emlspm4.jpg

When they click the link, the target is redirected to another domain - of course, they'll be presented with something relevant to the service you're trying to "hack":

http://blog.spywareguide.com/upload/2008/01/emlspm3-thumb.jpg
Click to Enlarge

Phish pages ahoy! They have a number of these all sitting on the same domain:

http://blog.spywareguide.com/upload/2008/01/emlspm6-thumb.jpg
Click to Enlarge

Here's a fake Hotmail login:

http://blog.spywareguide.com/upload/2008/01/emlspm20-thumb.jpg
Click to Enlarge

...and a fake Myspace:

http://blog.spywareguide.com/upload/2008/01/emlspm22-thumb.jpg
Click to Enlarge

The good news is, the domain is flagged as a known Phish host when visiting in Internet Explorer:

http://blog.spywareguide.com/upload/2008/01/emlspm23-thumb.jpg
Click to Enlarge

But wait, I hear you say. How do you get your hands on the phished user details? Well, here comes the clever part. The stolen login details are handily posted to the top of your login screen on Hothackerclub.com:

http://blog.spywareguide.com/upload/2008/01/emlspm11117-thumb.jpg
Click to Enlarge

Note that it tells you numerous pieces of information including number of accounts stolen, the date you did it and the type of service account compromised so the budding hacker can keep a nice running total of their exploits.

So, who runs these sites? Well, Hothackerclub.com is anonymous - however, it looks like someone slipped up with regards the registration for the site hosting the phish pages:

"Registrant:
Digital Studio
47-Tufail Road Cantt Lahore
Lahore, Other 54000
PK

Domain name: GREETING4LL.COM

Administrative Contact:
Sulahria, Muhammad Yousaf yousaf2k@gmail.com
47-Tufail Road Cantt Lahore
Lahore, Other 54000
PK
+92.3334112402 Fax: +92.3334112402"

Of course, "Muhammad Yousaf" is the individual who first posted to Myspace.

Be wary of anything Emailed to you that requires you to login to any of the sites mentioned above - if in doubt, right click the live link in the Email and check what domain it points to. Otherwise, you might end up on a hackers rapidly growing trophy list...

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on January 28, 2008 10:21 AM.

Myspace Fake Profile Spammers: This Is How They Do It was the previous entry in this blog.

Antispyware Coalition Conference 2008 is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.