Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phishing Group Caught Stealing From Other Phishers

Posted by samzenpus on from the what's-good-for-the-goose dept.

An anonymous reader writes "Netcraft has written about a website offering free phishing kits with one ironic twist — they all contain backdoors to steal stolen credentials from the fraudsters that deploy them. Deliberately deceptive code inside the kits means that script kiddies are unlikely to realize that any captured credit card numbers also end up getting sent to the people who made the phishing kits. The same group was also responsible for another backdoored phishing kit used against Bank of America earlier this month."

6 of 129 comments (clear)

  1. In soviet russia... by Anonymous Coward · · Score: 5, Funny

    ...phishers phish phishers... Say that five times fast.

  2. Re:How times have changed: you can't trust.....wai by cortesoft · · Score: 5, Interesting

    Except they are actually double feeding off innocent people.... some poor chap's info gets stolen by both the guy who deployed the phishing kit and the guy who wrote it.... which means its probably at least twice as likely to get used for fraud.

  3. Proverb by OldManAndTheC++ · · Score: 5, Funny

    Phish from a man and you take advantage of him for a day.

    Give a man a phishing kit and you take advantage of him for a lifetime.

    (of course by "man" we mean spotty-faced script kiddie, and by "lifetime" we mean until he wipes his harddisk, but proverbs are meant to be pithy and brief, not accurate.)

    --
    Soylent Green is peoplicious!
  4. Mr-Brain's site by aerthling · · Score: 5, Informative

    Here's his site: http://thebadboys.org/Brain/

  5. This is really sad.. by DigitAl56K · · Score: 5, Interesting

    .. you just can't trust malware anymore!

    Really though, this is nothing new. IIRC, some builds of Sub7 had a reverse backdoor (not covered in the wiki article), as well as a master password that let the Sub7 crew take over a server (covered by the wiki article), and some builds even included hard drive killer when the master password was in use.

  6. Re:I wish it were possible to zoom in... by Mr.+Roadkill · · Score: 5, Informative

    Naturally Netcraft won't tell you the real site name :-)
    Naturally. And who can blame them? I certainly don't - who knows what kind of nasties they might have lurking on those pages waiting for unsuspecting CEO's and CIO's and security experts who ought to know better?

    However, Google is your friend. Within 30 seconds of looking over the Netcraft article for helpfully unique strings, I found it. And went looking with lynx :-) I won't give the URL, to protect the stupid from themselves, but it's not that hard to find.

    They've got ready-rolled scams for abbey.co.uk, bankofamerica.com, cahoot.co.uk, chase.com, egold.com, ebay.com, hsbc,co.uk, lloydstsb.com, moneybookers.com, nationwide.co.uk, nbk.com.kw, paypal.com, regions.com, stgeorge.com.au, wachovia.com and westernunion.com - and in some cases, they have more than one for particular organisations.

    Cool. Now who has a spare botnet, is willing to wade through this arsehole's source, and is willing to send garbage values to al-brain@hotmail.fr and albrain08@yahoo.fr?