I love to analyse and take apart phishing pages. Such phishing pages are nothing new, you can find them almost daily. I always enjoy poking around and investigating if I find something new, something of interest or just some sort of timestamp to be able to pinpoint the speed a gang has in setting up new phishing pages.
A little while ago, I found a curiously named folder on a phishing page. By poking around and guessing other names, I suddenly was offered a ZIP file, with all the phishing pages source code inside. Quickly analyzing the code, I have seen that the attackers have simple created a send.php file, which reads the form fields and sends an email. Extremely simple, yet very efficient. You don’t need a database, your own mailserver or any other infrastructure. Just use the php-built-in email service.
Another funny thing I noticed was the included “readme.txt” file. The content of the file suggested that some third-party did develop the script for the phishing gang. This is another indication, that phishing has become some sort of “as-a-service” deal.
READ ME Just Unzip the file you will find and index.html page, one folder and snd.php file just Open the send.php and change the Email Address to your address and save it Then Upload the script and you are good to go.... EASY and fast CIao
Sample: ebbd0bebd9870f2d294db98d99767267 (md5)
Size: 189 KB
Photo by Kenneth Lu, via Flickr.