Phishing Scams: September 2009 Archives

More often than not, most DIY programs I see tend to be on the murkier side of "designed well". In fact, it's more like somebody threw up on their coding tools. However, sometimes a leet hax program comes along and despite the horrible things it does, you can't help but be impressed by the design and general stylistic trappings.

The creators will still burn in Hell, of course.

But ooooh - shiny. Blinky.

Anyway, here it is - the Phish Pharm:


In case you're wondering, the fake Phish pages are in the Source Files Folder, and the two programs used are underneath. Let's take a trip to the pharm - sorry - first.

Click to Enlarge

As you can see, it's a well designed package with a lot of options. A whole bunch of "target sites" are pre-made and ready to roll, from Twitter and Myspace to GMail and Steam - no messing around trying to create fake login pages here.

There's SQL support too:


.....slick. The final option allows you to be notified via EMail every time someone falls for one of your Phish pages. However, you can skip that altogether in favour of a more elegant solution - the Monitor.

Fire up the second program, and it dumps itself into your System Tray. As and when stolen accounts appear in your logs, the program - which can be made to check at an interval of your choosing - pops up a message like this:


 Click the message, and the Monitor program launches:

Click to Enlarge

Type of Phish (in this case, a GMail phish), Username, Password and IP Address are all logged.

Did I mention this was slick? Depressingly so. Anyway, avoid phish pages, etc etc and yadda yadda.
Thought I'd get this online asap, as Maplestory is a pretty popular MMORPG and this one seems to be doing the rounds so let's get down to business.

A number of leet hax forums are promoting a tool that looks like this:


As you've probably guessed, the above is sent to the victim with the promise of free stuff (in this case, up to 100 million mesos and 50k NX, which I suppose sounds very impressive).

Anyone unfortunate enough to enter their Username, Password and PIN is going to find themselves on a one way trip to Phishtown courtesy of an EMail sent in the background to the attacker. We're still trying to grab a copy of this program (wary of leeching, distribution is currently limited to direct requests from trusted members on certain forums) but some of the features are pretty interesting. Check this out:

*Vista manifest for highest permission available (asks for admin permission before starting)
*Edits the hostfile so the victim cannot go to any help sites/nexon mainsite
*Checks to see if the username & password is correct, via the official website.
*Comes with a builder.
*E-mail tester in builder

In addition, these are pretty clever things for a program like this to do:

* Encrypts your GMAIL E-Mail & Password.
*Auto kills ALL running Process explorer(s) before sending you the inputted info.
*Auto kills ALL running WireShark(s) before sending you the inputted info.

Auto killing Wireshark and process explorers? Can't say I've seen that done in a phisher like this before.

Avoid the above program like the plague...


About this Archive

This page is a archive of entries in the Phishing Scams category from September 2009.

Phishing Scams: August 2009 is the previous archive.

Phishing Scams: October 2009 is the next archive.

Find recent content on the main index or look in the archives to find all content.