Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
SpywareGuide powered by FaceTime Security Labs
Search SpywareGuide Greynets Database & Site
Security Email Alerts & Updates
Search the Blog
Recent Posts
Monthly Blog Archives
Subscribe to this blog's feed
About the Blog
About SpywareGuide Greynets Blog
Link to Us
Link to SpywareGuide.com

« Myspace Fake Profile Spammers: This Is How They Do It | Main | Myspace Advert Tricks End-Users With Fake Facebook Application »

  • Do It Yourself Phishing for Social Networks And Webmail

Every now and again, I see something interesting pop up on Myspace and decide to take a closer look -as you might have guessed, this is one of those occasions. There I was, trawling through some Myspace groups when I happened to see this....


Check out the site from 2006 courtesy of Internet Archive - it's fair to say these guys could do with a few pointers on interior decor:

Click to Enlarge

...if someone asked a toy company to design a hacking site, that might be what they come up with. I guess they realised this too, because if you go there now...

Click to Enlarge

Ooh, scary! Shall we take a look around their "Hackyard"? As you might have guessed, there's not a lot here that would fall under the banner of "ethical hacking", despite their claims on the frontpage. Inside are a collection of (frankly awful) forums, news articles and some other bits and pieces that fail to attract any attention. However...


"MSN / Hotmail hacking page"? Nice. Click the link, and you're given a number of options to choose from:

Click to Enlarge

Hotmail, Yahoo, Myspace, Orkut, hi5 and Facebook are all listed. Select your chosen target, and you'll be presented with a custom-built drop down menu:


Select the "E-Card" of your choice, enter the Email address of your victim then hit generate - you'll be presented with auto-generated text for your email:

Click to Enlarge

At this point, cut and paste the text into your own mail, send it to your target and wait. Depending on the service you chose to "attack", the recipient might see something like the above, or something like this:


When they click the link, the target is redirected to another domain - of course, they'll be presented with something relevant to the service you're trying to "hack":

Click to Enlarge

Phish pages ahoy! They have a number of these all sitting on the same domain:

Click to Enlarge

Here's a fake Hotmail login:

Click to Enlarge

...and a fake Myspace:

Click to Enlarge

The good news is, the domain is flagged as a known Phish host when visiting in Internet Explorer:

Click to Enlarge

But wait, I hear you say. How do you get your hands on the phished user details? Well, here comes the clever part. The stolen login details are handily posted to the top of your login screen on Hothackerclub.com:

Click to Enlarge

Note that it tells you numerous pieces of information including number of accounts stolen, the date you did it and the type of service account compromised so the budding hacker can keep a nice running total of their exploits.

So, who runs these sites? Well, Hothackerclub.com is anonymous - however, it looks like someone slipped up with regards the registration for the site hosting the phish pages:

Digital Studio
47-Tufail Road Cantt Lahore
Lahore, Other 54000

Domain name: GREETING4LL.COM

Administrative Contact:
Sulahria, Muhammad Yousaf yousaf2k@gmail.com
47-Tufail Road Cantt Lahore
Lahore, Other 54000
+92.3334112402 Fax: +92.3334112402"

Of course, "Muhammad Yousaf" is the individual who first posted to Myspace.

Be wary of anything Emailed to you that requires you to login to any of the sites mentioned above - if in doubt, right click the live link in the Email and check what domain it points to. Otherwise, you might end up on a hackers rapidly growing trophy list...

  • TrackBack

TrackBack URL for this entry:

Listed below are links to weblogs that reference Do It Yourself Phishing for Social Networks And Webmail:

» map from http://mapsaccess.info
most luxurious map. [Read More]

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide JapanJapanese

© Copyright 2006, FaceTime Communications, Inc. All rights reserved.