automated tool for phishing reporting

Phishing operations, including perpetrators, how to report them and get them shut down.

automated tool for phishing reporting

Postby efa » Mon Sep 21, 2009 6:35 pm

taking pieces of code from xComplaint, I'm writing an automated tool for phishing reporting.
Automatically discern if a web site is cracked or is a phish domain (just registered), recover host or registrar and so on.
My idea is also to keep track of all received links, and periodically check if are suspended.

First version will be a bash script, next will be a compiled C, last a C with GUI.
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm

Re: automated tool for phishing reporting

Postby spamislame » Mon Sep 21, 2009 7:44 pm

Definitely keep us updated. I have a gaggle of people who would use this on a daily basis.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5058
Joined: Tue May 09, 2006 9:18 am

Re: automated tool for phishing reporting

Postby meep » Tue Sep 22, 2009 10:08 pm

Nice, just caught this post, efa. Thank you for your contribution. I look forward to seeing it later. :)
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: automated tool for phishing reporting

Postby AlphaCentauri » Tue Sep 22, 2009 11:17 pm

I don't know how complex the programming would be, but a program that would save a timestamped copy of the data would help replace what Castlecops's PIRT was doing, as far as saving data for law enforcement.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: automated tool for phishing reporting

Postby efa » Thu Sep 24, 2009 3:25 pm

AlphaCentauri wrote:a program that would save a timestamped copy of the data

are you speaking about saving the phish email or saving the phish web site?
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm

Re: automated tool for phishing reporting

Postby AlphaCentauri » Thu Sep 24, 2009 4:51 pm

efa wrote:
AlphaCentauri wrote:a program that would save a timestamped copy of the data

are you speaking about saving the phish email or saving the phish web site?


Saving anything that would be useful in court if someone gets arrested -- documenting the email with headers to show he violated the law using someone else's computer to mail it and that there were false statements in the message, document the hosting and registration information, document the content of the sites -- if you can do all of it, you're recreating PIRT, which a lot of people would like to see happen. The question is where to store the data, how much you can store, how to do it so it can't be altered without a time stamp for legal purposes, and how to get law enforcement to take notice. Even doing part of it would be useful.

There are lots of agencies with spamtraps working with law enforcement, saving the raw spams with headers. So if we can't do everything, saving the spam is not critical. It would be useful having documentation of the registration information, nameserver information, the IP's where each was hosted, maybe some sampling of the changing IP's for fast flux, etc. Our own stored sent Complainterator reports are informal documentation, but again, they aren't as valid for legal purposes since they can be altered without it being apparent what's been done or when or by whom.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: automated tool for phishing reporting

Postby efa » Thu Sep 24, 2009 6:08 pm

saving phish/spam email is already done by xComplaint in "forwarded.txt" local file, so it is easy.
Saving web pages is little difficult, but xComplaint from last version download the web pages to look for redirection link, and so it is not so difficult to save also these data.
As now I use 'wget' to download web pages as xComplaint is a CLI application, but with the GUI version I can use WebKit
http://en.wikipedia.org/wiki/WebKit
that seems faster then Gecko (Mozilla engine).

The difficulties come from recovering all other informations, space to save all the web sites, and a form of protection against alterations (I can't imagine a valid one)

I do not know the story behind PIRT and Castlecops (I'm interested in), but I know that the only software that survive to time is opensource.
Imagine an author, lot of work to write an application, keeping it closed source. Time passes, interest changes. The author become not interested in further developing or simply miss time. All the good work is lost. I remember tens of applications disappeared so. And many others released as opensource as they can survive.
GPL software can be further developed from other people. Imagine a collaborative work, we can reach objectives that one men alone can't.
This is the trick behind GNU and Linux, collaborative work, shared intelligence and opensource. They often arrive later, but do it better and forever.
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm

Re: automated tool for phishing reporting

Postby efa » Sun Jun 20, 2010 7:29 pm

I developed a piece of code to decode any escape sequences inside javascript embedded in html pages attached to emails. This is a recent technique used by phisher to hidded POST link. Will become part of xPhish. As now xPhish will be packaged with next version of xComplaint.
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm


Return to Phishers

Who is online

Users browsing this forum: No registered users and 1 guest

cron