Auto Whaler Spears Phishers

Proving conclusively that there is no honour among thieves (as if you needed proof), here's a website that goes hunting for so-called "big fish" - namely, phishers with a plentiful collection of logins stored on their phishing pages.

The website itself is free of content, save for one small search bar at the top of the screen.

[Image: autowhle1.jpg]

As you've probably guessed, the wannabe Whaler (traditionally a hunter of high-level executives and CEOs, now turning their sights on, um, random phishers) enters the URL of a confirmed phishing site into the box and hits "Submit".

At this point, the site checks a large list of common (and not so common) filenames that are likely to contain lots of logins gathered up by the original phisher.

If the Whaler is successful, they'll see something like this:

[Image: autowhle3.jpg]

From there, it's simply a case of the Whaler collecting the logins, changing all the passwords and bumping up their tally of stolen details with a minimum of effort. If you're one of the phishing victims whose login details are now changing hands from phisher to whaler, you have my apologies - it can't be nice to see your already stolen account become that little bit dirtier.

While the above site will no doubt be crashing and burning sometime in the near future (especially as the free hosting it sits on can't seem to cope with the strain of becoming the most popular site on the web for script kiddies and account stealers in general), you can bet there will be endless copycats to take its place.

Can't wait to see what "Version 2" brings...

1 Comment

Thanks for your coverage, sir.

You can use the auto whaler tool @

http:[[redacted]]

and watch a tutorial @

[[redacted]]

Thanks!

*Note

AutoWhaler does not do anything illegal or malicious; it simply sees if certain pages exist on a server.

About this Entry

This page contains a single entry by Christopher Boyd published on December 7, 2009 11:59 AM.
