The ease of use and availability of tools used for malicious schemes have always been a problem for security companies, since these greatly contribute to the quick proliferation of code and files that can affect Internet users. Web sites on which an individual or group gives away free code and software for the whole community to use as they please can be found almost anywhere.
Netcraft recently reported on a certain “Mr. Brain,” actually a group of Moroccan fraudsters who recently launched a dedicated Web site for free phishing kits that anyone can use for their phishing activities. They lure interested parties by packaging the code as “easy-to-use” and “programmer-friendly,” since only basic programming knowledge is needed to deploy a kit. Visitors to this site would hardly think twice about going for the bait, but upon closer inspection, it turns out that, though powerfully alluring, most good things are just too good to be true.
Certain code in the kits reveals where the phished information is really sent once it has been retrieved from the phishers’ victims: though the phished information is sent to the phishers, a copy is also covertly sent back to Mr. Brain. Further analysis reveals what look like Mr. Brain’s email addresses in these code snippets:
<input type="hidden" name="niarB" value="32970696f6e6565722e627261696e40676d61696c2e 636f6d" />
and
<input TXItQnJhaW5ARXZpbC1CcmFpbi5OZXQ=");?>" name="Send" type="hidden" />
These code segments translate to the email addresses where the stolen information is sent.
Suffice it to say that the phishers who thought they had their victims didn’t know they had been had by Mr. Brain. This con saves Mr. Brain the more arduous task of hacking and compromising Web sites and deploying the phishing pages himself: clearly a classic one-uppance the likes of which have never been seen before with regard to online theft.
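The hidden fields shown above carry their recipient addresses as hex and base64 strings, so a kit can be reviewed for this kind of covert copy by decoding every long encoded token in its source and checking whether the result contains an email address. The following Python is an added example, not code from the original post or from the kit; the sample form, its `.example` addresses and the function names are constructed for illustration.

```python
import base64
import binascii
import re

# Long runs of hex/base64 alphabet characters are candidate encoded strings.
TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
HEX = re.compile(r"(?:[0-9a-fA-F]{2})+")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def decode_token(token):
    """Return (encoding, text) if token decodes to ASCII text, else None."""
    try:
        if HEX.fullmatch(token):
            return "hex", binascii.unhexlify(token).decode("ascii")
        return "base64", base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # bad padding, odd length, or non-ASCII bytes
        return None

def find_hidden_recipients(source):
    """Return (line_no, encoding, address) for each encoded address found."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for token in TOKEN.findall(line):
            decoded = decode_token(token)
            if decoded:
                encoding, text = decoded
                findings += [(line_no, encoding, a) for a in EMAIL.findall(text)]
    return findings

def sample_kit():
    """Constructed kit fragment; addresses use the reserved .example TLD."""
    hex_addr = binascii.hexlify(b"collector@kit-author.example").decode()
    b64_addr = base64.b64encode(b"copy@kit-author.example").decode()
    return "\n".join([
        '<form action="login.php" method="post">',
        '<input type="text" name="user" />',
        f'<input type="hidden" name="niarB" value="{hex_addr}" />',
        f'<input value="<?php echo base64_decode("{b64_addr}"); ?>" name="Send" type="hidden" />',
        '<?php $to = "phisher@customer.example"; /* recipient the kit user sets */ ?>',
        '</form>',
    ])

if __name__ == "__main__":
    for line_no, encoding, address in find_hidden_recipients(sample_kit()):
        print(f"line {line_no}: {encoding}-encoded recipient {address}")
```

Only encoded addresses are reported; the plaintext recipient the kit user configures is deliberately ignored, since the point is to surface destinations the kit hides from its own user.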
Researcher Ivan Macalintal itemized the following banking and other establishments that can be affected by the Mr. Brain phishing scheme:
- abbey.co.uk
- bankofamerica.com
- chase.com
- e-gold.com
- ebay.com
- hsbc.co.uk
- lloydstsb.com
- moneybookers.com
- nationwide.co.uk
- nbk.com.kw
- paypal.com
- regions.com
- stgeorge.com.au
- wachovia.com
- westernunion.com
Ivan Macalintal and Senior Threat Analyst Robert McArdle provided information