Phishing and being phished! by webDEViL

1. Phishing and being phished!<br />By webDEViL<br />Early morning I was checking my mail as usual. I get a message from my bank that I need to update because of some new security measures.<br />Well since the mail landed in my inbox and not my spam folder I had to check it out. For fun!<br />I click on Personal (and do remember that I am not going to put in any information in any form).<br />Ok, cool! the site is the same, since the code is a pure copy and paste from the original site. Now, some would fall for this, giving all their info and getting screwed.<br />I wanted to understand how and probably who is doing this. So I use one of my super powers, source code revealing skills. Let us take a look at what is behind this.<br />Initially when we opened the file, the attachment, we are moved to…<br />Then after clicking on “personal”; comes the form. Let’s see where the data is going, let’s search for “action” in the html source code.<br />So post.php is being used to submit the data and you are then shown “showRegret()” ;)<br />What is there in post.php?<br />Ah, your info is being mailed to a gmail address. Oh lord! I would have thought this was more complicated, but hell.<br />But then I realize that are some more things “$to”, what is that? I decide to have a look at java.js<br />A bit of obfuscation for the $to parameter. We’ll just add a print command to see what that really is,<br />Print $send = rippychippy@gmail.com<br />Cool, another email address to which the information is being sent. Was the phisher owned, I think so!<br />Anyways, don’t fall for such stuff. ;)<br />