Porn Site Hacked, 16K Emails Snatched, Epic Fail at PayPal Phishing Attempt




Friday morning I got an interesting email…

[Screenshot: the PayPal phishing email]

Looks like a typical phishing email, right? Sure. There were two things that got my attention though…

1. It got through Gmail’s spam filter.
2. The link went to PayPal’s real login page. WTF?

Usually, a phishing email will use the correct address as the anchor text of a spoof log-in page link. Simply mousing over such a link reveals the true link in your status bar though. So, it’s fairly easy even for a novice computer user to spot as BS.

Example:
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Viewing the source code of the original email revealed an epic fail.

<a class="Style5 Style2"
onmouseover="window.status='https://www.paypal.com/cgi-bin/webscr?cmd=_login-run'; return true" onmouseout="window.status=''" target="_blank" href="http://pimpyaho.com/functions/us/"> <font size="2">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</font></a> </font>

The above shows that this retard was trying the old "use JavaScript to make the status bar display whatever you want" trick: the href points at pimpyaho.com, and the onmouseover handler rewrites window.status so the status bar shows the real PayPal URL instead. Too bad for this idiot, modern email clients strip JavaScript, event handlers included. In both Gmail and Yahoo that code ended up looking like the below.

<a href="http://pimpyaho.com/functions/us/" target="_blank"><font size="2"></font></a>
<font size="2"><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run" target="_blank">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>

So, the link ended up pointing to the real PayPal login. Epic fail, indeed.
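As an added example (not code from the original post), here is a small defender-side check that parses the anchors in an HTML email and flags the three things visible in the markup above: an event handler that rewrites window.status, a displayed URL whose host differs from the real href, and an anchor with no visible text. The two sample fragments are constructed from the anchors quoted in the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()

def audit_anchor(href, text, attrs):
    """Findings (href, reason) for one <a>: the three tricks this post shows."""
    reasons = []
    for name, value in attrs.items():
        # JS handlers rewriting window.status: the status-bar spoof.
        if name.startswith("on") and value and "window.status" in value:
            reasons.append("status-bar spoof via " + name)
    if text.lower().startswith(("http://", "https://")):
        # Visible text is a URL, so its host must match the real target's host.
        shown, real = host_of(text), host_of(href)
        if shown and real and shown != real:
            reasons.append("displayed host %s != target host %s" % (shown, real))
    elif not text:
        reasons.append("anchor with no visible text")  # hidden link
    return [(href, r) for r in reasons]

class AnchorAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._attrs, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._attrs, self._text = dict(attrs), []
    def handle_data(self, data):
        if self._attrs is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._attrs is not None:
            text = "".join(self._text).strip()
            self.findings += audit_anchor(self._attrs.get("href", ""), text, self._attrs)
            self._attrs = None

def audit_html(fragment):
    auditor = AnchorAuditor()
    auditor.feed(fragment)
    return auditor.findings

# Constructed sample: the raw anchor from the phishing email, quoted-printable decoded.
RAW = ('<a onmouseover="window.status=\'https://www.paypal.com/cgi-bin/webscr?cmd=_login-run\'; '
       'return true" onmouseout="window.status=\'\'" href="http://pimpyaho.com/functions/us/">'
       '<font size="2">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</font></a>')
# Constructed sample: the same markup after the mail client stripped the JS handlers.
RENDERED = ('<a href="http://pimpyaho.com/functions/us/" target="_blank"><font size="2"></font></a>'
            '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run" target="_blank">'
            'https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>')
```

Running audit_html(RAW) reports both handlers and the host mismatch; audit_html(RENDERED) reports only the now-empty pimpyaho.com anchor, since the visible PayPal link really does point at PayPal.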

Digging further, I saw that the phishing page he intended to send people to was on a porn site. The site is part of a lucrative network owned by a guy whom I made an ad buy from in the past. His ad system requires a person to sign up as a regular member of his site before making a purchase. This explained how I ended up getting that email. His user database had obviously been compromised.

I posted some info about this mess on a forum he hangs out on to make sure he knew what was happening and to get more info.

Here’s the skinny:

1. Homeboy hired an outside company to develop a bespoke chat solution for one of the sites sitting on that server.

2. Said company was given shell access to speed up the delivery of the product, etc.

3. A shoutcast server magically began running on the server – pushing 25Mbit of bandwidth.
Side note: The files had been removed, so there was no shoutcast config to find. On Linux a process that has already started keeps running after its binary and config files are deleted from disk, so they were obviously removed in an attempt to hide it.

4. “[After discovering / removing the phishing setup] the files popped back [within seconds]… I then shut down pimpyaho.com, so the site physically wasn’t running… still the files came back. This meant the user HAD to have some sort of shell access.”

5. “Have now sorted the breach and made sure it can’t happen again. I can tell you that they managed to get hold of around 16,000 email addresses, however the [other site's user] database is up around 80k, so at least they didn’t get hold of that.”

Ouchness++

Categories: Hacking, Phishing, Spam
  1. Jedi Lord
    July 14th, 2009 at 19:21 | #1

    Dude….did someone open a major can of tardsauce or what?

    JL-
