Hackers vs. Phishers 137
An anonymous reader writes "Some hackers out there don't like to do all the hard work of running a successful phishing campaign. Instead, they developed a simple online service to 'steal' account details from the hard-working phishers. Named AutoWhaler, the service allows anyone to scan a phishing server for log files that contain juicy information such as usernames and passwords."
Hacker culture (Score:5, Interesting)
Re:Parasites are everywhere, for natural reasons (Score:2, Interesting)
In other news, some Slashdot users don't like to do all the hard work of writing inspiring posts to build karma. Instead, they developed a simple online service to 'steal' karma from the hardworking posters. The service allows anyone to scan Slashdot articles for underrated comments and automatically post replies urging moderators to "mod parent up".
Actually I've found that "mod parent up" posts are quite likely to get you modded down.
Replying to let someone know how they're wrong, now that's how you get easy karma!
Re:People of ill repute diong thingfs of ill reput (Score:2, Interesting)
People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?
This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.
I think the subtext here is that hackers aren't necessarily bad guys and so it's more like repo men stealing from car thieves, still not completely shocking but somewhat more interesting.
i tried it out and... (Score:2, Interesting)
...all it does is to try access a number of pre-defined files from the root directory of the probed host: passwords.txt, logs.txt, l0gz.txt, accounts.txt etc. -- talk about sophisticated hacker tool! massive all phreaker big-up! what a joke...
the tool also "epically fails" if you supply a host that is not encapsuled in http:// ... /
Re:Dag-nabbit! (Score:3, Interesting)
Hacking is about finding the most efficient route to the juiciest payload without ruffling feathers unduly. Here's a fun article [seoblackhat.com] that I think illustrates this concept really well.
Re:Not surprised (Score:3, Interesting)
Low-quality phishing software (Score:4, Interesting)
I've seen that, too. Recently, Stanford University came up on our short list of major sites being exploited by phishers. [sitetruth.com] I was surprised, because Stanford is usually good about stopping that. It was a weird subdomain under "stanford.edu", and at first I thought someone had compromised Stanford's DNS to get their site under the "stanford.edu" domain. But no, it was just some minor machine that had had a break-in.
The directory with the phishing page was readable as a web page and contained the log of captured passwords, so I sent those to Stanford security and Bank of America security. Haven't heard back from either. After the end of the weekend, the site was taken down, and that took Stanford off the blacklist.
We've been reasonably successful at cleaning up that list. We're trying to popularize the idea that one verified phishing URL blacklists the whole domain until the problem is fixed. (The idea behind SiteTruth is to take a hard-line approach and measure the collateral damage so it can be minimized.) The oldest sites on that list are ones which won't respond to complaints by e-mail or phone. In some cases we've sent faxes.
The worst offenders are Piczo and FortuneCity. Piczo is some kind of social network/hosting service for teenage girls, and it's full of phishing pages, mostly for Habbo logins. PhishTank counts 15, and there are probably more. The phony pages are often not in English, and the Piczo abuse department may not recognize a French Habbo phishing page. This may be the next trend in phishing - put your page on a site run by someone unlikely to understand the page. I've seen a phishing page in Greek on an Indian site.
It's getting harder to run a phishing site. Since the end of "domain tasting", the business of high-volume bogus domain registration has tapered off. We haven't seen an "open redirector" on a major site in a while; eBay, Yahoo, and Microsoft Live all used to have at least one. The "url shorteners" are getting very aggressive about killing links to phishing sites. This might be winnable.