Phishing & BotNets
Back to list
Mar 11 2006 08:11PM
Stejerean, Cosmin (cosmin cti depaul edu)
This might not work too well. I have seen automated programs that will
validate credit card information by placing fake transaction of a couple
of dollars to see if it gets cleared. I am not sure how much you can
slow down this kind of process. I don't see anything unethical or
illegal about doing this, although you run the really small chance that
you will generate valid information.
From: Jon R. Kibler [mailto:Jon.Kibler (at) aset (dot) com [email concealed]]
Sent: Friday, March 10, 2006 8:15 AM
To: phishing (at) securityfocus (dot) com [email concealed]
What if we were able to make life more miserable for phishers? Would it
slow them down or discourage them?
Would it be ethical to do so? Legal?
A thought along those lines: There are dozens of programs available that
will generate 'legitimate' fake credit card numbers, bank account
numbers, etc. There are all sorts of ways to generate lists of names.
Use these types of programs to create millions of bogus identities. Then
flood the phishing site with so much bogus information that it would
become a real chore to sort out the legitimate phish caught from the
decoys. To accomplish this would be simple:
1) Visit the phish site and determine the information they are
2) Write a simple shell script to generate the required bogus data in
HTTP POST (or whatever method used) format.
3) Have the shell script submit the bogus data (netcat, etc.) to the
phish site one bogus identity at a time.
A real dumb phisher may even try to use bogus data and that may be the
trigger that gets them caught.
Just a thought...
Jon R. Kibler
Chief Technical Officer
Charleston, SC USA
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
[ reply ]
Copyright 2010, SecurityFocus