Introduction

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Fri Nov 06, 2009 1:44 pm

I go by NobodyYouShouldRecognize, but you can call me NYSR Twisted Evil

Favorite Site: http://www.foimb.com <caution, mature content>

I'm between 25 and 35 and have had my own computer since I was around 5, so I have basically seen the evolution of online scams.

I work in an IT related field.

I definately enjoy playing the role of a white-hat nowadays.

I had visited this site for the first time maybe a year ago, made a few more visits and finally decided to start posting and looking for leads on scammers to mess with.

While I have worked with various programming languages and grammers through the years including MS-BASIC, Q-BASIC and even COMMO, nowadays I prefer Python. Python can be ran in most any current environment such as L/U/nix, Windows and Mac.

For a long time I have taken random attacks against me somewhat personally and have done things like contact hosting companies, ICANN, registrars, the IC3 and even neighbors of the vilians. Back when VB explots were more commonplace, specifically those that traveled via Windows Shares being accessible directly accross the internet ( before routers were common ) I would even leave people notes on how to contact me and instructions for how to secure their computers. Once upon a time I rewrote a virus that would use the same mechanism for travel, but I swapped out the payload for one that automatically removed the vulnerability that is used to get there. I was kind of suprised it didn't make headlines, but then again it was also still detected as a virus by AV software.

Lately I wrote a program to help me combat phishers, those people who send SPAM that is meant to trick someone into thinking it links to their bank or some other valuable site with the goal of capturing login details and other personal information. Information on the program I wrote will be posted in the 'Publish your work' area.

I have shared information about baiting and leading on scammers with others and heard some first hand stories of what they did.

My intent here is to create a topic ( if it doesn't already exist ) where people can post phishing emails so that I can retrieve them and have a little fun while preventing the phishers from getting valuable information.

Posted: Fri Nov 06, 2009 2:12 pm

Welcome to Eater.
Phishing mails we don't normally have much to do with, unless they have fake sites attached that can be dealt with. Are you looking for those types? If so, the Fake Banks and websites forum is where you'll find them.

Baiting Guru Joined: 04 Jan 2006 Posts: 3193

Welcome to eater NYSR. It's nice to have another Python fan around.

You should be aware that any topic discussing sending viruses, trojans, keyloggers and the like will be shut-down immediately. (The number one reason being it's illegal, and the number two being it is too easy to affect innocent parties.)

Posted: Fri Nov 06, 2009 3:50 pm

thud419 wrote:

Welcome to eater NYSR. It's nice to have another Python fan around.

You should be aware that any topic discussing sending viruses, trojans, keyloggers and the like will be shut-down immediately. (The number one reason being it's illegal, and the number two being it is too easy to affect innocent parties.)

Understood, although I don't think what I spoke about should be considered as this since what I sent out was actually an 'antibody' as I like to call it.

Just as there are T-cells and such travelling through your body to fight infections,... I created a digital version of that for the internet, atleast for a particular baddy that was out.

Admin, if you want to talk to me, go ahead Smile

Inspector Gadget wrote:

Welcome to Eater.
Phishing mails we don't normally have much to do with, unless they have fake sites attached that can be dealt with. Are you looking for those types? If so, the Fake Banks and websites forum is where you'll find them.

The emails in question do have links to real looking mock-ups... but I will take a look at the forum area you mentioned. Thanx!

Baiting Guru Joined: 03 May 2007 Posts: 18313

Welcome, NobodyYouShouldRecognize. Very Happy

Please do check out the fake sites forum but we don't shut down phishing sites/pages there. Our focus there is on fraudulent sites set up by scammers to prop up their advance fee fraud scams. (fake banks, couriers, law firms, etc.). Many of us do report phishing pages to the companies being spoofed, we just don't post them here.

Posted: Fri Nov 06, 2009 4:58 pm

Ima Baeder wrote:

Welcome, NobodyYouShouldRecognize. Very Happy

Please do check out the fake sites forum but we don't shut down phishing sites/pages there. Our focus there is on fraudulent sites set up by scammers to prop up their advance fee fraud scams. (fake banks, couriers, law firms, etc.). Many of us do report phishing pages to the companies being spoofed, we just don't post them here.

Yeah, actually I don't want to shut them down either... I haven't posted it yet, but the program I made directly connects to the website in question and uses POST to transmit faked information to them. There is a ton of random things including the delays inbetween each page, over 1500 proxy servers that are used, fake referrer information, browser agent info... basically the whole gammet, although the information looks valid. It can even answer security questions.

I figured that this way, with the delays, even people who get tricked are somewhat protected because the phishers will not know what information is real and what's fake.

Posted: Fri Nov 06, 2009 5:36 pm

Welcome here , NobodyYouShouldRecognize.
Happy baiting!

Posted: Fri Nov 06, 2009 5:52 pm

NobodyYouShouldRecognize wrote:

Yeah, actually I don't want to shut them down either... I haven't posted it yet, but the program I made directly connects to the website in question and uses POST to transmit faked information to them.

I figured that this way, with the delays, even people who get tricked are somewhat protected because the phishers will not know what information is real and what's fake.

There's at least one service out there that does the same job:

http://www.phishfighting.com/

A great tool. Hopefully yours will be as successful. Very Happy

Posted: Fri Nov 06, 2009 5:56 pm

Welcome NYSR. There was a program or a website that flooded phishing sites with fake logins and pw's, was it Phish Fryer or something? It was discussed on here, but not really what we normally do.

BTW, please don't quote whole posts, we can see them above yours. As it's your first day, I won't get all heavy handed with my 'Edit' button, but just be aware we don't do it, some forums that do end up with posts viewed down a long oblong tunnel. Wink

ETA: Phishfighter, that's the one, thanks Slightly. OP, please ignore the fact that the rabid squirrel just did what I just told you not to do, he's new.

Posted: Fri Nov 06, 2009 6:05 pm

I definately would edit the quotes, so there was only the last one in my reply. I actually didn't use quote, and then I went back and edited the post Surprised

Either way, thanks for the links peoples... I'll check them out and eventually I will publish some of the anti-scamming that I have done.

Thanks Again!

Posted: Fri Nov 06, 2009 6:30 pm

I never quoted the whole post either.

Just the pertinent points that make my post more glorious.
Bloody pedants.

Baiting Guru Joined: 31 Jan 2007 Posts: 12237

Hi NYSR and besco, welcome to Eater.

@besco, Assuming that your post was not spam, I suggest you remove the link, it exposes your real life details. If you really want to become a baiter, I am sure your services as a Mandarin translator could prove invaluable.

Posted: Sat Nov 07, 2009 3:37 am

You know those masks aren't very effective. Surgical ones at least.

But on topic, welcome NYSR. Very Happy

Posted: Sat Nov 07, 2009 5:23 am

below is a little animation that shows some of the things my phisher program sends to phishing sites... basically though, I adjust copies of the software to be specific to each phishing site I come across. The graphic is just of the information generation front end, the actuall programs I use are console based.

The program uses over 1500 proxies that are grabbed daily from a proxy site and if they fail 3 times in one session then they are removed from the current proxy list.

Fake referrer information as needed, otherwise it's the previous page as it should be.

Randomly chosen web browser user agent per cycle.

The drivers license numbers are valid based on the generated name and such.

The addresses do NOT exist, but the phone numbers and zip codes match up with the randomly selected city.

I'm adjusting the social security number generator to not generate certain known non-issued SSN's.

The type of credit card is selected random, out of around 6 choices and the length and format match up with the proper card type. No check digits though since I don't want to generate real numbers.

Around 30 security questions and answers are generated each round that I can choose from as needed depending on how the site is setup.

Multiple passwords and emails each round, so I have backups and since some will look more real than others.

There are random delays between filling out each set of forms.

blah, blah, blah...

It also generates a log of all the information sent to the phisher...

The program can operate at speeds ranging from DoS ( which I don't use ) to as few times per day as I want based on an internal timer.

The program stops and notifies me when the site goes down... then can try again at a predetermined interval and alerts me if the page comes back but has changes or is mostly changed.

This program runs on *NIX, Windows and Mac OS X+... and uses VERY LITTLE resources... best is when it's ran in the background on a high power web server Twisted Evil

I have sent hundreds of thousands of batches of fake information over the last few months. Laughing

Normally while it is running, I contact a half dozen places with information on the site address being used and once the site is no longer active I like to make sure that the registrar and host know that it was a scammer.