Every now and again, I see something interesting pop up on Myspace and decide to take a closer look -as you might have guessed, this is one of those occasions. There I was, trawling through some Myspace groups when I happened to see this....
Check out the site from 2006 courtesy of Internet Archive - it's fair to say these guys could do with a few pointers on interior decor:
...if someone asked a toy company to design a hacking site, that might be what they come up with. I guess they realised this too, because if you go there now...
Ooh, scary! Shall we take a look around their "Hackyard"? As you might have guessed, there's not a lot here that would fall under the banner of "ethical hacking", despite their claims on the frontpage. Inside are a collection of (frankly awful) forums, news articles and some other bits and pieces that fail to attract any attention. However...
"MSN / Hotmail hacking page"? Nice. Click the link, and you're given a number of options to choose from:
Hotmail, Yahoo, Myspace, Orkut, hi5 and Facebook are all listed. Select your chosen target, and you'll be presented with a custom-built drop down menu:
Select the "E-Card" of your choice, enter the Email address of your victim then hit generate - you'll be presented with auto-generated text for your email:
At this point, cut and paste the text into your own mail, send it to your target and wait. Depending on the service you chose to "attack", the recipient might see something like the above, or something like this:
When they click the link, the target is redirected to another domain - of course, they'll be presented with something relevant to the service you're trying to "hack":
Phish pages ahoy! They have a number of these all sitting on the same domain:
Here's a fake Hotmail login:
...and a fake Myspace:
The good news is, the domain is flagged as a known Phish host when visiting in Internet Explorer:
But wait, I hear you say. How do you get your hands on the phished user details? Well, here comes the clever part. The stolen login details are handily posted to the top of your login screen on Hothackerclub.com:
Note that it tells you numerous pieces of information including number of accounts stolen, the date you did it and the type of service account compromised so the budding hacker can keep a nice running total of their exploits.
So, who runs these sites? Well, Hothackerclub.com is anonymous - however, it looks like someone slipped up with regards the registration for the site hosting the phish pages:
"Registrant:
Digital Studio
47-Tufail Road Cantt Lahore
Lahore, Other 54000
PK
Domain name: GREETING4LL.COM
Administrative Contact:
Sulahria, Muhammad Yousaf yousaf2k@gmail.com
47-Tufail Road Cantt Lahore
Lahore, Other 54000
PK
+92.3334112402 Fax: +92.3334112402"
Of course, "Muhammad Yousaf" is the individual who first posted to Myspace.
Be wary of anything Emailed to you that requires you to login to any of the sites mentioned above - if in doubt, right click the live link in the Email and check what domain it points to. Otherwise, you might end up on a hackers rapidly growing trophy list...
