paypal phishing site got hacked [Archive] - Glock Talk

PDA

View Full Version : paypal phishing site got hacked


David_G17
05-23-2005, 16:54
one of those fake sites trying to persuade people to give their paypal info got hacked, lol.

http://news.netcraft.com/archives/2005/05/18/online_vigilantes_fight_back_against_phishing_fraudsters.html

As fraudsters continue to target their victims with increasingly elaborate phishing sites, the surprise appearance of anti-phishing vigilantes is now hampering their operations.

A PayPal phishing site recently reported by the Netcraft Toolbar community was promptly taken down; not by the hoster or law enforcement agency, but seemingly by a vigilante with an interest in disabling such sites and protecting innocent web users:

http://news.netcraft.com/archives/2005/05/18/paypal-vigilante.png

The phishing site was replaced with a warning page, created with the open source OpenOffice.org suite on Windows. The identity of "sickophish" is not known, nor is it known how he gained access to the web server to perform the act of vigilantism.

Phishing sites are commonly found hosted on compromised web servers, where lack of security allows fraudsters to access machines and upload phishing content. If a fraudster exploits these security weaknesses without subsequently securing the machine, then online vigilantes are just as likely to exploit the weaknesses to go in and replace the fraudulent content.

Another phishing site this time imitating NatWest Bank in the UK was recently defaced by The Lad Wrecking Crew, which has been involved in several previous defacements and even offers a selection of desktop wallpapers that can be placed on "captured" phishing sites.

http://news.netcraft.com/archives/2005/05/18/bank-vigilante.jpg

Typical messages added to captured sites include, "Were you looking for the bank that was supposed to be here? We trashed it because it wasn't real," continuing with, "You could have lost thousands of dollars of your hard-earned life-savings! There is no need to thank us, really."

While phishing is undoubtedly an illegal activity, the legality of defacing phishing sites is also quite questionable, but in cases observed by Netcraft so far it is reasonable to assume that only the fraudsters themselves have been disadvantaged.

Netcraft provides a free anti-phishing Toolbar which offers protection against phishing sites, as well as providing the opportunity to report new phishing sites. So far this year, the Netcraft Toolbar community has reported over 6,600 different phishing sites, and this list of sites is also available as a feed suitable for integration with web proxies and mail filters.

fastvfr
05-23-2005, 22:26
There is quite a community of hackers working to better the Net these days, from what I gather.

Good for them.

The best part is, they are using the same vulnerabilities that the phishers used to hijack those pages and URLs in the first place!

Poetic justice at its finest.

MB-G26
05-26-2005, 19:33
Wish they c/disable multiple-repeat dictionary spammers the same way!
the legality of defacing phishing sites is also quite questionable, but in cases observed by Netcraft so far it is reasonable to assume that only the fraudsters themselves have been disadvantaged.

And the original phishers' legally recoverable damages would be what, exactly?
Hehehehe.....
m