Glide Underground

Phishers eat their own

Articles / Personal Stuff/Random News
Date: Jan 24, 2008 - 10:00 AM
Netcraft has an article on phishing groups that prey on other phishing groups: they put up "kits" that include backdoors and report tools to steal the info the other phishing groups get.

The configuration script exploits the case-sensitivity in PHP variable names to disguise Mr-Brain?s electronic mail address as an unrelated but seemingly essential part of the script, encouraging fraudsters not to alter it. The injected electronic mail address is actually contained in a completely separate PHP file, where it is encrypted in a hidden input field named "niarB", or "Brain" backwards. Yet another PHP script reads the value from this input field and decrypts it before supplying it to the configuration script. Most fraudsters are unlikely to notice this level of obfuscation and will assume the script is working normally, as they will also receive a copy of any emails produced by the script.

This article is from Glide Underground

The URL for this story is: