Phishing & BotNets
RE: Anti-Phishing Mar 11 2006 08:11PM
Stejerean, Cosmin (cosmin cti depaul edu) (1 replies)
Re: Anti-Phishing Mar 14 2006 08:48PM
Raghu nath (raghunath22 gmail com)

New addition to the list.

I have to agree with Cosmin here. Not only are there such programs
available, but we also have to consider the fact that a lot of these
scam sites are hosted on free hosting providers' servers. By
overloading these servers, we might inadvertently cause a lot of
problems for any legitimate (read non-phish/spam) sites that might be
on the same server or share the same IP. I agree that the provider
should ensure that such sites are not hosted on their server, but they
would still be running a legitimate server, nonetheless.

Another point here would be that such activity would not be seen too
kindly upon by *any* authority and the consequences will not be


On 12/03/06, Stejerean, Cosmin <cosmin (at) cti.depaul (dot) edu> wrote:
> This might not work too well. I have seen automated programs that will
> validate credit card information by placing a fake transaction of a couple
> of dollars to see if it gets cleared. I am not sure how much you can
> slow down this kind of process. I don't see anything unethical or
> illegal about doing this, although you run the really small chance that
> you will generate valid information.
> Cosmin Stejerean
> -----Original Message-----
> From: Jon R. Kibler [mailto:Jon.Kibler (at) aset (dot) com]
> Sent: Friday, March 10, 2006 8:15 AM
> To: phishing (at) securityfocus (dot) com
> Subject: Anti-Phishing
> Greetings All,
> What if we were able to make life more miserable for phishers? Would it
> slow them down or discourage them?
> Would it be ethical to do so? Legal?
> A thought along those lines: There are dozens of programs available that
> will generate 'legitimate' fake credit card numbers, bank account
> numbers, etc. There are all sorts of ways to generate lists of names.
> Use these types of programs to create millions of bogus identities. Then
> flood the phishing site with so much bogus information that it would
> become a real chore to sort out the legitimate phish caught from the
> decoys. To accomplish this would be simple:
> 1) Visit the phish site and determine the information they are
> collecting.
> 2) Write a simple shell script to generate the required bogus data in
> HTTP POST (or whatever method used) format.
> 3) Have the shell script submit the bogus data (netcat, etc.) to the
> phish site one bogus identity at a time.
> A real dumb phisher may even try to use bogus data and that may be the
> trigger that gets them caught.
> Just a thought...
> Jon Kibler
> --
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC USA
> (843) 849-8214

Ralph, the squirrel.

They say he's nuts, but that's just his lunch preference

Copyright 2010, SecurityFocus